Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
INF: Object Ownership Chain Checking Across Databases Depends on the Login That Is Mapped to the Object Owners
Article ID: 272424 - View products that this article applies to.
This article was previously published under Q272424
SQL Server Books Online states that ownership chains are checked for stored procedures and views that cross databases. You can see this easily when the owner of the dependent objects in each database maps to the same login. However, if you have users in both databases that have the same user name, but are not mapped to the same login (as often happens with the database owner [DBO]), it may seem that the ownership chains are being incorrectly checked. For example, if the DBO of each database is mapped to the same login, and the owner of the objects in the databases is the DBO, permissions are not checked. However, if the DBO of each database is mapped to a different login, the ownership chains are checked. This can happen with users other than the DBO if your user names are different from your login names.
A user in a database can be granted permissions on a view or stored procedure. If that view or stored procedure accesses objects in another database which is owned by a user mapped to a different login, the permissions of the underlying objects are checked. If the user does not have permissions to the objects in the other database, the following error is returned:
However, if the underlying mapped login of objects in the query is the same, permissions are not checked, and the query executes without the above error even if the user does not have permissions to the underlying tables.
Error 229: %ls permission denied on object '%.*ls', database '%.*ls', owner '%.*ls'.
To see an example of this, follow these steps: