Solved

permission to run "execute as"

Posted on 2010-08-27
10
246 Views
Last Modified: 2012-05-10
what permissions are needed to run the above clause?

thanks
0
Comment
Question by:anushahanna
  • 5
  • 4
10 Comments
 
LVL 142

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 167 total points
ID: 33542629
see here in the docs:
http://technet.microsoft.com/en-us/library/ms188354.aspx

  Permissions



To execute a module specified with EXECUTE AS, the caller must have EXECUTE permissions on the module.



To execute a CLR module specified with EXECUTE AS that accesses resources in another database or server, the target database or server must trust the authenticator of the database from which the module originates (the source database). For more information about how to establish authenticator trust, see Extending Database Impersonation by Using EXECUTE AS.



To specify the EXECUTE AS clause when you create or modify a module, you must have IMPERSONATE permissions on the specified principal and also permissions to create the module. You can always impersonate yourself. When no execution context is specified or EXECUTE AS CALLER is specified, IMPERSONATE permissions are not required.



To specify a login_name or user_name that has implicit access to the database through a Windows group membership, you must have CONTROL permissions on the database.

Open in new window

0
 
LVL 60

Assisted Solution

by:chapmandew
chapmandew earned 333 total points
ID: 33542630
impersonation permissions are required.
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33543258
what is a 'module' in this context? what about in a tSQL window in SSMS- what category is that?
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33543260
>>impersonation permissions are required.
can you give that in a grant statement?
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33544309
sure:

USE master;
GRANT IMPERSONATE ON LOGIN::WanidaBenshoof to [AdvWorks\YoonM];
GO
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 6

Author Comment

by:anushahanna
ID: 33544471
OK. Thanks.

In this case, what role/permissions does WanidaBenshoof have he is able to share with YoonM?
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33544486
that account may have admin/special permissions that you want yoonM to be able to execute
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33544590
OK. What if you do not want yoonM to have sa privileges but just be able to use"execute as" in his query?
0
 
LVL 60

Assisted Solution

by:chapmandew
chapmandew earned 333 total points
ID: 33544605
allow them to impersonate a user w/ the permissions you want to mimic
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33544639
could you do selective permissions on the impersonate command
what would you change in the following to just give that permissions to YoonM, and not anything else special?

USE master;
GRANT IMPERSONATE ON LOGIN::WanidaBenshoof to [AdvWorks\YoonM];
GO
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Nowadays, some of developer are too much worried about data. Who is using data, who is updating it etc. etc. Because, data is more costlier in term of money and information. So security of data is focusing concern in days. Lets' understand the Au…
Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now