Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can I 'EXECUTE AS' a DML trigger? 1

Status
Not open for further replies.
TheBugSlayer

TheBugSlayer

Programmer
Sep 22, 2002
887
0
0
US
I have an audit FOR INSERT trigger on a client table. It saves information pertaining to the newly created client and which user created it in the audit table. Among the information recorded is the host name and the IP address, which is obtained from the DMV sys.dm_exec_connections. However, users must have VIEW SERVER STATE permissions to use the said view. I have granted the proper permission to two application logins already. It can be a little tedious to grant the same permission repeatedlly. My question is, is it possible to execute my trigger under the security context of another principal, as is possible with DDL triggers, SPs, queues and functions?

Thanks for your advice.

MCP SQL Server 2000, MCTS SQL Server 2005, MCTS SQL Server 2008 (DBD, DBA)
 
Sort by date Sort by votes
I'm not quite clear on what you are looking for, but I think this might be it.

You want people to use the view, but you don't want to have to keep adding new logins to the view. One way is to create a database role (ie. db_useview) and grant the role access to the view (GRANT SELECT ON <viewname> TO db_useview). Then you just grant the login db_useview and they will have that permission on the view.

-SQLBill

The following is part of my signature block and is only intended to be informational.
Posting advice: FAQ481-4875
 
Upvote 0 Downvote
SQLBill, that's one way of doing it, the traditional way. However what I am asking is specifically whether the EXECUTE AS clause is possible within a DML trigger. From what I know and see, I believe it's not but maybe it is...
You can do this with SP, which allows a user who has no permission on the SP directly to run it as a user who does have permission on it and the objects it accesses:
SQL: 
USE Sales;
GO
CREATE PROCEDURE dbo.usp_Demo
WITH EXECUTE AS 'CompanyDomain\SqlUser1'
AS
   SELECT user_name();
GO
What I am asking is, can you write something like this:
SQL: 
CREATE TRIGGER [dbo].[Client_Audit] 
   [COLOR=green]WITH EXECUTE AS sa[/color]
   ON  [dbo].[Client] 
   FOR INSERT
   AS
   ...
   [COLOR=green]SELECT @IPAddress = client_net_address FROM sys.dm_exec_connections WHERE session_id = @@SPID[/color]
   ...
or some impersonation of a user with the rights to the system DVM?
Thanks.

MCP SQL Server 2000, MCTS SQL Server 2005, MCTS SQL Server 2008 (DBD, DBA)
 
Upvote 0 Downvote
sql 2008 R2 does allow a "execute as" on triggers - so unless the version you are using doesn't allow it you should be good

Regards

Frederico Fonseca
SysSoft Integrated Ltd

FAQ219-2884
FAQ181-2886
 
Upvote 0 Downvote
Thanks Frederic. The server is 2005, my SSMS is 2008 R2, so I can't use it but it's good to know the feature is available.

MCP SQL Server 2000, MCTS SQL Server 2005, MCTS SQL Server 2008 (DBD, DBA)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

grnzbra
  • Locked
  • Question
SQL Server in Windows
Replies
1
Views
119
pjw001
pjw001
TheBugSlayer
  • Locked
  • Question
High Availability - insert fails on primary replica but runs on secondary after failover.
Replies
0
Views
76
TheBugSlayer
TheBugSlayer
baran121
  • Locked
  • Question
take a database from system databse place
Replies
2
Views
77
iambob
iambob
tekpr00
  • Locked
  • Question
Hello I am new to a new organizatio
Replies
1
Views
48
johnherman
johnherman
CodeWell
  • Locked
  • Question
SQL Server 2017 Install Issue - Database Not in Configuration Manager
Replies
0
Views
96
CodeWell
CodeWell

Part and Inventory Search

Sponsor

Back
Top