We help IT Professionals succeed at work.

Use xp_create_subdir with Non Administrative accounts


I'm trying to allow non admins to use the xp_create_subdir function (Responsibly) in T-SQL 2016 environment within a stored procedure. We have a process in place where we keep billing backup (Proof of work) in an invoice folder.  Once the file is billed we need to create the next iteration of that billing number. Example for file 12345.  Once we bill 12345-1 we want to create a folder called 12345-2.

I've created a user account that will be used as a service account. This was done so rights to the folder location could be granted.  Inside the database I've created the stored procedure using "WITH EXECUTE AS OWNER" as I do not wish to grant all users the ability to use xp_create_Subdir. I’ve created a new schema just for this sp, the schema owner has been set to the service account. I’ve added the service account as the schema owner, db_Owner, and sysadmin.  Only the sysadmin permission is required, but I want to try to alleviate any suggestions I've already tried. I’ve also granted execute rights to the xp_Create_subdir function to the service account.
The execute line is fairly generic:
DECLARE @FilePath varchar(255)
SET @FilePath = ‘[File Path]’
EXEC master.dbo.xp_create_subdir @FilePath

I have run the script myself (sysadmin) and it works.  However as soon as it’s put in a stored procedure it fails with error:
Msg 22048, Level 16, State 1, Line 2
Error executing 'xp_create_subdir': Permission denied. User must be a member of 'sysadmin' server role.

I’ve also tried adding myself (sysadmin) as the owner of the stored procedure, schema, and database, then executed the stored procedure under my sysadmin login, and get the same error.  What am I missing?
Watch Question

Senior DBA
Most Valuable Expert 2018
Distinguished Expert 2019
Just to be sure, mark the db as TRUSTWORTHY, and then try again. (Naturally take into account what the TRUSTWORTHY setting could do to thing in your enviroment).


That was my missing piece.  Thank you!