Commit 77c41c2

Merge pull request #37088 from shohamMSFT/docs-editor/execute-as-transact-sql-1776382138
Update execute-as-transact-sql.md
2 parents 82a5aed + 4f5dd18 commit 77c41c2

1 file changed

Lines changed: 7 additions & 0 deletions

docs/t-sql/statements/execute-as-transact-sql.md

@@ -22,6 +22,7 @@ dev_langs:
2222
monikerRange: "=azuresqldb-current||>=sql-server-2016||>=sql-server-linux-2017||=azure-sqldw-latest"
2323
---
2424
# EXECUTE AS (Transact-SQL)
25+
2526
[!INCLUDE [sql-asdb-asdbmi-asa-pdw](../../includes/applies-to-version/sql-asdb-asdbmi-asa.md)]
2627

2728
Sets the execution context of a session.
@@ -116,6 +117,12 @@ If the user is orphaned (the associated login no longer exists), and the user wa
116117

117118
> [!CAUTION]
118119
> The EXECUTE AS statement can succeed as long as the [!INCLUDE[ssDE](../../includes/ssde-md.md)] can resolve the name. If a domain user exists, Windows might be able to resolve the user for the [!INCLUDE[ssDE](../../includes/ssde-md.md)], even though the Windows user does not have access to [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)]. This can lead to a condition where a login with no access to [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] appears to be logged in, though the impersonated login would only have the permissions granted to public or guest.
120+
121+
## Security considerations
122+
123+
Executing under the dbo ownership context, for example by using the statement `EXECUTE AS USER = 'dbo'`, changes how explicit DENY permissions are evaluated. When you switch the execution context to the dbo ownership context, permission-based DENY restrictions that apply to the original calling principal aren't enforced for the duration of the impersonation. As a result, a principal that can switch execution context to dbo, for example through membership in the db_owner fixed database role, can perform actions that would otherwise be blocked by explicit DENY permissions applied to that principal.
124+
125+
This behavior is by design. Take it into account when you grant permissions that allow ownership impersonation. DENY permissions can't serve as a compensating control to limit the effective permissions of principals that can execute as dbo.
119126

120127
## Using WITH NO REVERT
121128
When the EXECUTE AS statement includes the optional WITH NO REVERT clause, the execution context of a session cannot be reset using REVERT or by executing another EXECUTE AS statement. The context set by the statement remains in effect until the session is dropped.
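Review bot: The new "Security considerations" section says DENY "can't serve as a compensating control" but stops there, and the phrase "permissions that allow ownership impersonation" at new line 125 never names the grants a reader should audit. Only db_owner membership is given, and only as an example at new line 123. Suggest naming the specific permissions or linking to the article's permissions section, and adding one sentence on what to do instead, such as limiting which principals are able to switch to the dbo context in the first place. As a style point, the paragraph directly above uses a `> [!CAUTION]` alert for a comparable warning; consider giving the "DENY can't serve as a compensating control" sentence the same kind of callout so it is not read as ordinary prose.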
