FIX: A Non-Sysadmin May Execute sp_procoption Stored Procedure

Article ID: 277809
This article was previously published under Q277809
This article has been archived. It is offered "as is" and will no longer be updated.
BUG #: 57213 (SQLBUG_70)

Symptoms

Microsoft SQL Server Books Online states the following concerning the execution of the sp_procoption stored procedure:
Execute permissions default to members of the sysadmin and setupadmin fixed server roles. Startup procedures must be owned by the database owner in the master database.
This is not the intended behavior. Only logins that are members of the System Administrators (sysadmin) fixed server role should have execute permission on sp_procoption.

Status

Microsoft has confirmed this to be a problem in SQL Server 7.0. This problem has been corrected in U.S. Service Pack 3 for Microsoft SQL Server 7.0. For more information, see the following article in the Microsoft Knowledge Base:
274799 INF: How to Obtain Service Pack 3 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0
For more information, contact your primary support provider.

More information

To reproduce the problem, follow these steps:
  1. Open the SQL Server Query Analyzer.
  2. Create the stored procedure in the master database:
    use master
    go
    create procedure test_proc as
    PRINT 'Executed test_proc'
    go
    					
  3. Add a SQL Server login. The default database for the login is master.
    sp_addlogin @loginame = 'testuser',
        @defdb = 'master'
    go
    					
  4. Make the login a member of the Setup Administrators fixed server role.
    sp_addsrvrolemember @loginame = 'testuser', @rolename = 'setupadmin'
    go
    					
  5. Give the login access to the master database.
    sp_adduser @loginame = 'testuser'
    go
    					
  6. Make the new user a member of the db_owner database role.
    sp_addrolemember @rolename = 'db_owner',
    @membername = 'testuser'
    go
    					
  7. Open a second connection in the SQL Server Query Analyzer and log in as testuser.
  8. Make the stored procedure created in step 2 a startup stored procedure:
    sp_procoption @ProcName = 'test_proc',
    @OptionName = 'startup',
    @OptionValue = 'true'
    go
    					
  9. When you execute sp_procoption, the following error message is returned in SQL Server Query Analyzer. Despite the permission error, the output reports that the 'startup' setting was applied:
    Server: Msg 5812, Level 14, State 1, Procedure sp_procoption, Line 254
    Permission denied. Only members of the sysadmin role can run RECONFIGURE.
    All 1 matched objects now have their 'startup' setting as 'true'. Updates were required for 1 objects.
  10. Restart SQL Server, and then view the current SQL Server error logs. The following text is displayed, which verifies that the procedure was executed upon startup:
    Launched startup procedure 'test_proc'
    [autoexec] "Executed test_proc"
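
The following audit and cleanup script is an added example, not part of the original article. It assumes it is run in Query Analyzer by a sysadmin login on the affected server, and it reuses the test_proc and testuser names from the steps above.

```sql
-- Added example: audit startup procedures and undo the reproduction.
use master
go

-- 1. List procedures in master that are flagged to run at startup,
--    with their owner and creation date. Any entry you do not
--    recognize should be reviewed before the next service restart.
select o.name            as proc_name,
       user_name(o.uid)  as owner_name,
       o.crdate          as created
from   sysobjects o
where  o.type = 'P'
  and  objectproperty(o.id, 'ExecIsStartup') = 1
order  by o.crdate
go

-- 2. List the members of setupadmin. Until Service Pack 3 is applied,
--    these logins can set the startup flag, as step 8 shows.
exec sp_helpsrvrolemember 'setupadmin'
go

-- 3. Clear the startup flag set in step 8 and drop the test procedure.
exec sp_procoption @ProcName = 'test_proc',
                   @OptionName = 'startup',
                   @OptionValue = 'false'
go
drop procedure test_proc
go

-- 4. Remove the test login created in steps 3 through 6.
exec sp_droprolemember @rolename = 'db_owner', @membername = 'testuser'
go
exec sp_dropuser 'testuser'
go
exec sp_dropsrvrolemember @loginame = 'testuser', @rolename = 'setupadmin'
go
exec sp_droplogin @loginame = 'testuser'
go
```

Run the first query again after the cleanup; test_proc should no longer appear in the result.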

Properties

Article ID: 277809 - Last Review: November 2, 2013 - Revision: 3.0
Applies to
  • Microsoft SQL Server 7.0 Standard Edition
Keywords: 
kbnosurvey kbarchive kbbug kbfix KB277809
