FIX: A Non-Sysadmin May Execute sp_procoption Stored Procedure

This article was previously published under Q277809
This article has been archived. It is offered "as is" and will no longer be updated.
BUG #: 57213 (SQLBUG_70)
Symptoms
Microsoft SQL Server Books Online states the following concerning the execution of the sp_procoption stored procedure:
Execute permissions default to members of the sysadmin andsetupadmin fixed server roles. Startup procedures must be owned by thedatabase owner in the master database.
This is not the intended behavior. Only logins that are a member of the System Administrators fixed server role should have execute permission on sp_procoption.
Status
Microsoft has confirmed this to be a problem in SQL Server 7.0. This problem has been corrected in U.S. Service Pack 3 for Microsoft SQL Server 7.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
274799 INF: How to Obtain Service Pack 3 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0
For more information, contact your primary support provider.
More information
To reproduce the problem use these steps:
  1. Open the SQL Server Query Analyzer.
  2. Create the stored procedure in the master database:
    use mastergocreate procedure test_proc asPRINT "Executed test_proc"go					
  3. Add a SQL Server login. The default database for the login is master.
    sp_addlogin @loginame = 'testuser',    @defdb = 'master'go					
  4. Make the login a member of the Setup Administrators fixed server role.
    sp_addsrvrolemember @loginame = 'testuser', @rolename = 'setupadmin'go					
  5. Give the login access to the master database.
    sp_adduser @loginame = 'testuser'go					
  6. Make the new user a member of the db_owner database role.
    sp_addrolemember @rolename = 'db_owner',@membername = 'testuser'go					
  7. Open a second connection in the SQL Server Query Analyzer and log in as testuser.
  8. Make the stored procedure created in step 2 a startup stored procedure:
    sp_procoption @ProcName = 'test_proc',@OptionName = 'startup',@OptionValue = 'true'go					
  9. When you execute sp_procoption this error message is returned in the SQL Server Query Analyzer:
    Server: Msg 5812, Level 14, State 1, Procedure sp_procoption, Line 254Permission denied. Only members of the sysadmin role can run RECONFIGURE.All 1 matched objects now have their 'startup' setting as 'true'. Updates were required for 1 objects.
  10. Restart SQL Server, and then view the current SQL Server error logs. The following text is displayed, which verifies that the procedure was executed upon startup:
    Launched startup procedure 'test_proc'
    [autoexec] "Executed test_proc"
Startup stored procedure permission sysadmin execute
Properties

Article ID: 277809 - Last Review: 11/02/2013 02:33:00 - Revision: 3.0

  • Microsoft SQL Server 7.0 Standard Edition
  • kbnosurvey kbarchive kbbug kbfix KB277809
Feedback