Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- USE your_db;
- GO
- CREATE USER username FROM LOGIN username;
- GO
- GRANT SELECT ON dbo.MyViewName TO username;
- GO
- CREATE DATABASE unrelated_db;
- GO
- USE unrelated_db;
- GO
- CREATE TABLE dbo.foo(bar INT);
- GO
- USE [master];
- GO
- CREATE LOGIN username WITH PASSWORD='foo', CHECK_POLICY = OFF;
- GO
- CREATE DATABASE velojason;
- GO
- USE velojason;
- GO
- CREATE USER username FROM LOGIN username;
- GO
- CREATE FUNCTION dbo.checkbar()
- RETURNS INT
- AS
- BEGIN
- RETURN
- (
- SELECT TOP (1) bar
- FROM unrelated_db.dbo.foo
- ORDER BY bar
- );
- END
- GO
- CREATE SYNONYM dbo.foo FOR unrelated_db.dbo.foo;
- GO
- CREATE TABLE dbo.PaymentDetails
- (
- PaymentID INT
- );
- GO
- CREATE VIEW dbo.SomeView
- AS
- SELECT
- p.PaymentID,
- x = dbo.checkbar(), -- function that pulls from other DB
- y = (SELECT bar FROM dbo.foo) -- synonym to other DB
- FROM dbo.PaymentDetails AS p;
- GO
- GRANT SELECT ON dbo.SomeView TO username;
- GO
- EXECUTE AS USER = 'username';
- GO
- -- even though I don't reference any of the columns
- -- in the other DB, I am denied SELECT on the view:
- SELECT PaymentID FROM dbo.SomeView;
- GO
- REVERT;
- GO
- ALTER VIEW dbo.SomeView
- AS
- SELECT
- p.PaymentID
- --x = dbo.checkbar(),
- --y = (SELECT bar FROM dbo.foo)
- FROM dbo.PaymentDetails AS p;
- GO
- DECLARE
- @dbname SYSNAME = N'unrelated_db',
- @viewname SYSNAME = N'dbo.SomeView';
- SELECT DISTINCT
- [This object] =
- OBJECT_SCHEMA_NAME([referencing_id])
- + '.' + OBJECT_NAME([referencing_id]),
- [references this object] =
- OBJECT_SCHEMA_NAME([referenced_id])
- + '.' + OBJECT_NAME([referenced_id]),
- [and touches this database] = referenced_database_name,
- [and is a(n)] = o.type_desc,
- [if synonym, it references] = s.base_object_name
- FROM sys.sql_expression_dependencies AS d
- LEFT OUTER JOIN sys.objects AS o
- ON o.[object_id] = d.referenced_id
- LEFT OUTER JOIN sys.synonyms AS s
- ON d.referenced_id = s.[object_id]
- AND s.base_object_name LIKE '%[' + @dbname + ']%'
- WHERE OBJECT_ID(@viewname) IN (
- referenced_id,
- referencing_id,
- (SELECT referencing_id FROM sys.sql_expression_dependencies
- WHERE referenced_database_name = @dbname)
- ) OR referenced_database_name = @dbname;
- create login YourTpvLogin with password = 'enter new password here'
- go
- use SomeDb
- go
- create user YourTpvUser for login YourTpvLogin
- go
- grant select on YourView to YourTpvUser
- go
- execute as user = 'YourTpvUser'
- go
- select *
- from YourView
- revert
- go
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement