Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SQL Server 2019 - The server principal "sa" is not able to access the database "DB_NAME" under the current security context

Tags:

sql-server

database-security

sql-server-2019

I've written the following stored procedure:

CREATE PROCEDURE dbo.usp_DEMO 
    @LOGINSQL VARCHAR(30), 
    @DBNAME VARCHAR(40) 
WITH EXECUTE AS owner
AS 
    DECLARE @SQL NVARCHAR(1000) 
    SET @SQL = 'USE' 
    SET @SQL = @SQL + ' ' + @DBNAME + ' ' + ' CREATE USER ' + ' ' 
               + @LOGINSQL + ' ' + ' FOR LOGIN ' + ' ' + @LOGINSQL + ' ' 
               + ' ALTER ROLE [DB_OWNER] ADD MEMBER ' + ' ' 
               + @LOGINSQL 
    EXEC sp_executesql @SQL

Running like this:

use master
go
exec usp_DEMO '<LOGIN>','<DATABASE>'

I'm running from Master in a SQL Server 2019 STD Edition (RTM-CU6) (KB4563110) and I get this error:

Msg 916, Level 14, State 2, Line 14
The server principal "<OWNER_LOGIN>" is not able to access the database "<DB_NAME>" under the current security context.

The idea is using a stored procedure to map a login to database and give db_owner role.

Any idea how can I solve the error?

like image 787
AdemirP Avatar asked Nov 07 '22 05:11

AdemirP

2 Answers

Check the target database owner and if the database owner is not sa or the TRUSTWORTHY property of the target database is OFF, you will receive the "The server principal "sa" is not able to access the database "DB_NAME" under the current security context" error when impersonating SA by using the EXECUTE AS in a stored procedure:

https://learn.microsoft.com/en-us/previous-versions/sql/sql-server-2008-r2/ms188304(v=sql.105)?redirectedfrom=MSDN:

When impersonating a principal by using the EXECUTE AS USER statement, or within a database-scoped module by using the EXECUTE AS clause, the scope of impersonation is restricted to the database by default. This means that references to objects outside the scope of the database will return an error.

Options resolve the error "The server principal "sa" is not able to access the database "DB_NAME" under the current security context":

Note: In the below options replace {{TargetDb}} with actual DB_NAME

  1. Change the target database owner to sa 
USE {{TargetDb}} 
sp_changedbowner 'sa'
  1. Or turn on the TRUSTWORTHY property in the target database:
ALTER DATABASE {{TargetDb}} SET TRUSTWORTHY ON
like image 94
vvvv4d Avatar answered Nov 12 '22 18:11

vvvv4d

Remove the WITH EXECUTE AS owner

like image 41
Marcus Vinicius Pompeu Avatar answered Nov 12 '22 18:11

Marcus Vinicius Pompeu
Sign in to Comment

Related questions

Getting a list of entities from a table leads to 500 error - Entity Framework
Subtract values from two columns in sql query
Get reports from SSRS with Laravel 5.4
How to replace a value in comma separated string column in SQL Server
Analysis Services .abf file database restore
How to Remove 「Total」 row in SSRS report?
IIS 10 / SQL Server 2017 / very slow connections with classic ASP
Deleting Duplicate Row Combinations in a given Date
How to decrypt a string encrypted by SQL Server's EncryptByPassPhrase() in PHP?
SQL query to show columns based on column value repetition
to convert datetime into date string from 2019-05-02 12:00:00 to 2019-05-02
SSIS expression picking up variable as column then throwing error
Is it possible to install both SQLPS and SqlServer PowerShell module on Windows 10?
How to remove duplicate rows in SQL Server self join
Microsoft cubes usage boundaries and best practicies
How to implement constraint based referential integrity on a simple 3 way relation
DB Link from oracle -> ms sql ORA-28545 & ORA-02063
why does LINQ use the wrong datatype in my query while it's declared correctly in the EF schema?
Using SQLServer contains for partial words
How to build RUNAS /NETONLY functionality into a (C#/.NET/WinForms) program?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!