stackoom
  简体   繁体   中英

SQL Server 2019 - The server principal "sa" is not able to access the database "DB_NAME" under the current security context

 原文  2020-09-01 23:57:20       sql-server/ sql-server-2019/ database-security

Question

I've written the following stored procedure:

CREATE PROCEDURE dbo.usp_DEMO 
    @LOGINSQL VARCHAR(30), 
    @DBNAME VARCHAR(40) 
WITH EXECUTE AS owner
AS 
    DECLARE @SQL NVARCHAR(1000) 
    SET @SQL = 'USE' 
    SET @SQL = @SQL + ' ' + @DBNAME + ' ' + ' CREATE USER ' + ' ' 
               + @LOGINSQL + ' ' + ' FOR LOGIN ' + ' ' + @LOGINSQL + ' ' 
               + ' ALTER ROLE [DB_OWNER] ADD MEMBER ' + ' ' 
               + @LOGINSQL 
    EXEC sp_executesql @SQL

Running like this:

use master
go
exec usp_DEMO '<LOGIN>','<DATABASE>'

I'm running from Master in a SQL Server 2019 STD Edition (RTM-CU6) (KB4563110) and I get this error:

Msg 916, Level 14, State 2, Line 14
The server principal "<OWNER_LOGIN>" is not able to access the database "<DB_NAME>" under the current security context.

The idea is using a stored procedure to map a login to database and give db_owner role.

Any idea how can I solve the error?

2 answers

solution1
 3  

Check the target database owner and if the database owner is not sa or the TRUSTWORTHY property of the target database is OFF , you will receive the "The server principal "sa" is not able to access the database "DB_NAME" under the current security context" error when impersonating SA by using the EXECUTE AS in a stored procedure:

https://learn.microsoft.com/en-us/previous-versions/sql/sql-server-2008-r2/ms188304(v=sql.105)?redirectedfrom=MSDN :

When impersonating a principal by using the EXECUTE AS USER statement, or within a database-scoped module by using the EXECUTE AS clause, the scope of impersonation is restricted to the database by default. This means that references to objects outside the scope of the database will return an error.

Options resolve the error "The server principal "sa" is not able to access the database "DB_NAME" under the current security context" :

Note: In the below options replace {{TargetDb}} with actual DB_NAME

  1. Change the target database owner to sa
USE {{TargetDb}} 
sp_changedbowner 'sa'
  1. Or turn on the TRUSTWORTHY property in the target database:
ALTER DATABASE {{TargetDb}} SET TRUSTWORTHY ON

solution2
 1  2020-09-02 03:13:53

Remove the WITH EXECUTE AS owner

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question The server principal “sa” is not able to access the database “model” under the current security context “service broker” The server principal “sa” is not able to access the database under the current security context The server principal **** is not able to access **** the database under the current security context The server principal is not able to access the database under the current security context The server principal is not able to access the database under the current security context in SQL Server MS 2012 SQL Server: The server principal is not able to access the database under the current security context / windows authentication for the login The server principal "XYuser" is not able to access the database "Ydb" under the current security context The server principal “DevMe” is not able to access the database “CallManager” under the current security context SQL Service Broker - The server principal “sa” is not able to access server principal not able to access database on second call
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM