Solved

permission to run "execute as"

Posted on 2010-08-27
10
264 Views
Last Modified: 2012-05-10
what permissions are needed to run the above clause?

thanks
0
Comment
Question by:anushahanna
  • 5
  • 4
10 Comments
 
LVL 142

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 167 total points
ID: 33542629
see here in the docs:
http://technet.microsoft.com/en-us/library/ms188354.aspx

  Permissions

To execute a module specified with EXECUTE AS, the caller must have EXECUTE permissions on the module.

To execute a CLR module specified with EXECUTE AS that accesses resources in another database or server, the target database or server must trust the authenticator of the database from which the module originates (the source database). For more information about how to establish authenticator trust, see Extending Database Impersonation by Using EXECUTE AS.

To specify the EXECUTE AS clause when you create or modify a module, you must have IMPERSONATE permissions on the specified principal and also permissions to create the module. You can always impersonate yourself. When no execution context is specified or EXECUTE AS CALLER is specified, IMPERSONATE permissions are not required.

To specify a login_name or user_name that has implicit access to the database through a Windows group membership, you must have CONTROL permissions on the database.

Open in new window

0
 
LVL 60

Assisted Solution

by:chapmandew
chapmandew earned 333 total points
ID: 33542630
impersonation permissions are required.
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33543258
what is a 'module' in this context? what about in a tSQL window in SSMS- what category is that?
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 6

Author Comment

by:anushahanna
ID: 33543260
>>impersonation permissions are required.
can you give that in a grant statement?
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33544309
sure:

USE master;
GRANT IMPERSONATE ON LOGIN::WanidaBenshoof to [AdvWorks\YoonM];
GO
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33544471
OK. Thanks.

In this case, what role/permissions does WanidaBenshoof have he is able to share with YoonM?
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33544486
that account may have admin/special permissions that you want yoonM to be able to execute
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33544590
OK. What if you do not want yoonM to have sa privileges but just be able to use"execute as" in his query?
0
 
LVL 60

Assisted Solution

by:chapmandew
chapmandew earned 333 total points
ID: 33544605
allow them to impersonate a user w/ the permissions you want to mimic
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33544639
could you do selective permissions on the impersonate command
what would you change in the following to just give that permissions to YoonM, and not anything else special?

USE master;
GRANT IMPERSONATE ON LOGIN::WanidaBenshoof to [AdvWorks\YoonM];
GO
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I wrote this interesting script that really help me find jobs or procedures when working in a huge environment. I could I have written it as a Procedure but then I would have to have it on each machine or have a link to a server-related search that …
This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question