SQL User cannot access file system with functions or queries

I have a user that is trying to run an SQL function that includes:
   
xp_dirtree @directory, 10, 1

Open in new window


in SQLServer 2008.

The function works fine on other accounts that people use but on this users account it doesn't seem to allow their SQL user account to access the file system.

I cannot work out if the access to the file structure is a setting within SSMS on the user account there or if it something within the file permissions on the file server or something within the settings of the users domain account.

The Set-up is SQL Server 2008.
File Server is Windows Server 2012 R2
SQL Server is Windows Server 2008 R2
The User has "Owner" level permission on the database where the function and output tables are stored.
The User has "modify" permissions

Any help would be great.

Kind Regards

Matt
Matt BartlettAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Daniel_PLDB Expert/ArchitectCommented:
This command uses SQL Server service account permissions. Inside SQL Server you grant permissions to this function, however, outside SQL Server its service account gets data for you.
Don't forget it's an undocumented procedure.
Matt BartlettAuthor Commented:
So is it possible to set this user to be able to run this function?
Whether that be a work around or change to the function to run it through the service account or some settings that need to be changed, we just need this user account to be able to run the function.

Kind regards

Matt
Daniel_PLDB Expert/ArchitectCommented:
Inside database you have to be a sysadmin to run this procedure. Outside at filesystem level SQL Server service account has to have apropriate permissions.

According to Erland Sommarskog you can wrap it and grant access to other users:
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/be74d21e-8723-4d63-9df0-1cf76cf049e0/running-xpdirtree?forum=sqlsecurity

*You write a stored procedure that calls xp_dirtree
*Then you create a certificate in the master database which you use to sign the wrapper
*Then you create a login from the certificate (this login cannot log in, it's just a holder for permissions)
*Then you add the cert login to sysadmin
*Finally, you grant permission to the user in question
*If you put the procedure in master, you will need to add the user to master

Open in new window


Here is some example of how to wrap xp_dirtree
http://www.patrickkeisler.com/2012/12/how-to-use-xpdirtree-to-list-all-files-par t2.html

Open in new window


Regards,
Daniel

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Matt BartlettAuthor Commented:
Thanks Daniel.

I can start working on this with the links you provided. We have a new starter that doesn't need sysadmin level rights and this work around should allow these functions to continue as normal.

Kind regards

Matt
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SQL

From novice to tech pro — start learning today.