You may receive a "Permission denied" error message when an application role-based application tries to select records from any one of the system tables in a SQL Server 2005 master database (906549)
The information in this article applies to:
- Microsoft SQL Server 2005 Developer Edition
- Microsoft SQL Server 2005 Enterprise Edition
- Microsoft SQL Server 2005 Enterprise Edition for Itanium Based Systems
- Microsoft SQL Server 2005 Enterprise X64 Edition
- Microsoft SQL Server 2005 Express Edition
- Microsoft SQL Server 2005 Standard Edition
- SQL Server 2005 Standard Edition for Itanium-based Systems
- Microsoft SQL Server 2005 Standard X64 Edition
- Microsoft SQL Server 2005 Workgroup
SYMPTOMSIf an application role-based application tries to select all records from any one of the system tables in a Microsoft SQL Server 2005 master database, you may experience one of the following symptoms: - No records are returned.
- You receive the following error message:
Permission denied.
For example, this problem may occur if the application uses the following query. select * from master.dbo.syslogins CAUSEApplication role-based applications are designed to work with specific information in a database. These applications cannot access system tables in a master view or in a dynamic management view. These views contain server-level information.RESOLUTIONTo resolve this problem, use certificate-signed procedures to access server-level system tables. Certificate-signed procedures offer the following benefits: - You do not have to use trace flags.
- Less server-level information may be disclosed. Application role-based applications must use stored procedures instead of using general queries. Stored procedures are more likely to return only specific data that is required by the application.
WORKAROUNDTo work around this problem, enable global trace flag 4616.
Modification Type: | Minor | Last Reviewed: | 11/1/2005 |
---|
Keywords: | kbsql2005engine kbtshoot kbprb KB906549 kbAudDeveloper kbAudITPRO |
---|
|