Commit 6e0c542

Merge pull request #35878 from loicmaz/patch-1
Update cross-db-ownership-chaining-server-configuration-option.md
2 parents f297216 + 7a5d640 commit 6e0c542

1 file changed: +10 -2 lines changed

docs/database-engine/configure-windows/cross-db-ownership-chaining-server-configuration-option.md

Lines changed: 10 additions & 2 deletions
@@ -3,7 +3,7 @@ title: "Server Configuration: cross db ownership chaining"
33
description: "Learn how to use the cross db ownership chaining option in SQL Server. View considerations for turning cross-database ownership chaining on and off."
44
author: rwestMSFT
55
ms.author: randolphwest
6-
ms.date: 08/26/2025
6+
ms.date: 11/19/2025
77
ms.service: sql
88
ms.subservice: configuration
99
ms.topic: conceptual
@@ -33,7 +33,9 @@ This server option allows you to control cross-database ownership chaining at th
3333
To determine the current status of cross-database ownership chaining, execute the following query:
3434

3535
```sql
36-
SELECT is_db_chaining_on, name FROM sys.databases;
36+
SELECT is_db_chaining_on,
37+
name
38+
FROM sys.databases;
3739
```
3840

3941
A result of `1` indicates that cross-database ownership chaining is enabled.
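Review bot: The sentence after the query, "A result of `1` indicates that cross-database ownership chaining is enabled", does not say that the query returns one row per database from `sys.databases`, so a `1` describes that database only, while the page is titled for the server option. Consider wording it as "A value of `1` in `is_db_chaining_on` indicates that cross-database ownership chaining is enabled for that database", and, since the rows are read by database, listing `name` first in the reformatted SELECT.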
@@ -50,6 +52,12 @@ Before turning cross-database ownership chaining on or off:
5052

5153
- If you have databases that require cross-database ownership chaining, the recommended practice is to turn off the `cross db ownership chaining` option for the instance using `sp_configure`; then, turn on cross-database ownership chaining for individual databases that require it with the [ALTER DATABASE](../../t-sql/statements/alter-database-transact-sql.md) statement.
5254

55+
## Security risk
56+
57+
Enabling cross-database ownership chaining in [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] introduces a potential security vulnerability. When this feature is active, a local database user with elevated privileges can exploit ownership chaining to escalate permissions and potentially gain **sysadmin** access.
58+
59+
You should avoid enabling cross-database ownership chaining at the instance level, and restrict its use to trusted, related databases only.
60+
5361
## Related content
5462

5563
- [ALTER DATABASE (Transact-SQL)](../../t-sql/statements/alter-database-transact-sql.md)
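Review bot: In the added "Security risk" paragraph, "a local database user with elevated privileges" does not say which privileges are meant, so a reader cannot tell which accounts to review; name the role or permission level. The second added paragraph also repeats the recommendation in the bullet just above it (turn the option off for the instance with `sp_configure`, then enable it per database with ALTER DATABASE), so consider pointing to that bullet or merging the two, and saying how "trusted, related databases" should be judged.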

0 commit comments
