Cross-database Chaining

Cross-database ownership chaining, also known as cross-database chaining, is a security feature of SQL Server that allows users of databases access to other databases besides the one they are currently using. Cross-database is an extension of ownership chaining and does the same process but across databases. Ownership chaining is a security feature in SQL Server that enables the management of access to multiple objects by setting permissions on one object. In cross-database chaining, SQL Server can be configured to allow the same thing between databases or across all databases inside one instance of SQL server.

It’s possible to turn on cross-database chaining at either the server and the database level. If you turn it on at the server level, cross-database  chaining is enabled for all databases on that server, regardless of individual database settings.

Cross-database ownership chaining is preset to off at the server level and it is also set to off on all databases except the master, msdb and tempdb databases. These system databases must have cross-database ownership chaining turned on in order to function properly.

For security reasons, cross database ownership chaining should generally not be turned on at the server level. By the same token, chaining should only be turned on for the specific databases that require it as a general rule.

Security and user permissions can be a major headache for database administrators. Idera’s SQL Secure database management suite helps you answer critical questions such as  “Who can do what, where, and how on my SQL Servers?” SQL Secure is a comprehensive, automated solution that helps DBAs set and monitor security access rights in SQL Server databases, including setting up secure, customized cross-database chaining if required.