Добро пожаловать в форум, Guest  >>   Войти | Регистрация | Поиск | Правила | В избранное | Подписаться
Все форумы / Microsoft SQL Server Новый топик    Ответить
 permission na vipolnenie xp_cmdshell  [new]
Nastasia
Member

Откуда:
Сообщений: 135
kakie minimal'nie prava nyshno dat" dlia SQL account chtobi user mog
vipolniat" procedury v kotoroi vizivaetcia master..xp_cmdshell ???

piece of SP :
declare @s varchar(8000)

set @s = 'dtsrun /SMTLPRDVDB02 /NM /E /ACID='+@cID
exec master..xp_cmdshell @s
24 апр 03, 21:59    [184020]     Ответить | Цитировать Сообщить модератору
 Re: permission na vipolnenie xp_cmdshell  [new]
tpg
Member

Откуда: Novosibirsk
Сообщений: 23902
Читайте BOL:

Remarks
xp_cmdshell operates synchronously. Control is not returned until the command shell command completes.

When you grant execute permissions to users, the users can execute any operating-system command at the Microsoft Windows NT® command shell that the account running Microsoft SQL Server™ has the needed privileges to execute.

By default, only members of the sysadmin fixed server role can execute this extended stored procedure. You may, however, grant other users permission to execute this stored procedure.

When xp_cmdshell is invoked by a user who is a member of the sysadmin fixed server role, xp_cmdshell will be executed under the security context in which the SQL Server service is running. When the user is not a member of the sysadmin group, xp_cmdshell will impersonate the SQL Server Agent proxy account, which is specified using xp_sqlagent_proxy_account. If the proxy account is not available, xp_cmdshell will fail. This is true only for Microsoft® Windows NT® 4.0 and Windows 2000. On Windows 9.x, there is no impersonation and xp_cmdshell is always executed under the security context of the Windows 9.x user who started SQL Server.



Note In earlier versions, a user who was granted execute permissions for xp_cmdshell ran the command in the context of the MSSQLServer service's user account. SQL Server could be configured (through a configuration option) so that users who did not have sa access to SQL Server could run xp_cmdshell in the context of the SQLExecutiveCmdExec Windows NT account. In SQL Server 7.0, the account is called SQLAgentCmdExec. Users who are not members of the sysadmin fixed server role now run commands in the context of this account without specifying a configuration change.


Permissions
Execute permissions for xp_cmdshell default to members of the sysadmin fixed server role, but can be granted to other users.



Important If you choose to use a Windows NT account that is not a member of the local administrator's group for the MSSQLServer service, users who are not members of the sysadmin fixed server role cannot execute xp_cmdshell.
25 апр 03, 06:43    [184073]     Ответить | Цитировать Сообщить модератору
 Re: permission na vipolnenie xp_cmdshell  [new]
tpg
Member

Откуда: Novosibirsk
Сообщений: 23902
Блин! Ссылку не посмотрел и пропостил как чайник Картинка с другого сайта.
25 апр 03, 06:48    [184075]     Ответить | Цитировать Сообщить модератору
Все форумы / Microsoft SQL Server Ответить