"To run xp_cmdshell for a non-system administrator user, you must grant the following rights.
MSSQLServer and SQLServerAgent Services
Act as part of the Operating System.
Increase Quotas.
Replace a process level token.
Log on as a batch job."
The above quote was from the following link:
http://support.microsoft.com/default.aspx?scid=kb;en-us;264155
The bottom line is to be able to call a store procedure from an aspx page to execute the code which contain xp_cmdshell command, an example of such command is like:
------------------
EXEC master..xp_cmdshell 'dir d:\BT_import\Data\sales_option_price_report.csv'
Thanks for your help
ehx5The "rights" refer to the user account that is running the extended stored proc, namely the user account for teh MSSQLServer service and the SQLServerAgent service. Once you know who they are you can go to the security policy editor and grant them the said rights. However, this is *VERY* dangerous and I really would recommend that you do NOT take this path. If someone gets onto to DB the xp_xmdShell 'Format c'. You get the idea. Much, much better to let some Business logic component sort this out, or even your own extended proc.
No comments:
Post a Comment