
Re: dbcc checkstorage inside rpc

Hi Bret

It works OK when I execute it locally, but I can't because of the issue described here:

  • The problem lies in the fact that the user executing the above version of sp_kill may be able to interrupt execution of the procedure by hitting CTRL-C. When this happens after indirect_sa_role has been enabled but before it has been disabled again, sa_role would remain enabled for the user's session. Obviously, this would create an unacceptable security problem. To overcome this security issue, a slightly more elaborate setup is used. Instead of executing the stored procedure directly, it is executed indirectly as an RPC.

 

Since some other people know the password for this login, they would be able to get sa_role active this way. So from a security standpoint, it wouldn't matter if the login had indirect_sa_role or regular sa_role.

Or maybe I don't understand the issue correctly; if so, then please explain further, since I would also need to convince our IT security that we got it wrong.

Thanks

Karel

