I have a restricted database (that contains confidential data) called database B with only a couple of users with access to it. However, I need some select data from a couple of tables within B to be available to the users who request it. The users requesting the data are not added as database users to database B as they are not allowed to have access. These users, however, have access to database A (they are added as DB users of DB A). Is there a way to give a stored procedure access to the confidential database (B) so that any user running the SP could get the data they are requesting? If so, how? I’ve studied that this is possible, but without mention of how.
NOTE: it is NOT an option to move the needed data from Database B to A through IS package (given real-time access is needed). I’ve thought of using views too (but again, how? If you don’t have access to the base tables, you won’t have access to the data through the view either).
Best Answer
This is fairly easy to accomplish (including handling multiple databases and Dynamic SQL) without any Impersonation (
IMPERSONATE
permission), cross-database ownership chaining (Server / Instance or Database setting), orTRUSTWORTHY
(Database setting). What you need to do, generally speaking, is:Example:
CLEANUP
SETUP
TEST
For more info on Impersonation vs Module Signing you can review this other answer of mine (and the answer linked in it):
SQL Server Impersonation is just NOT working