General 8066 Published by

FIX: Temporary Stored Procedures in SA Owned Databases may Bypass Permission Checks When You Run Stored Procedures

SYMPTOMS
Under the following conditions, stored procedure execution permission checks do not work properly and they allow access when access should not be allowed:

A temporary stored procedure is created by a non-dbo user that references a stored procedure owned by dbo.

The database where the referenced stored procedure exist is owned by the standard system administrator (sa) security login.

The non-dbo user does not have EXECUTE permissions on the referenced stored procedure.

Download