Hi, I have a strange permission issue encountered today, I am wondering how the Grant Authorization behaviour may possibly play into this, here is my situation:
user with no Admin rights was able to grant db to db permisssions on a database that was considered secured off from the main "branch" of db's
example, here is my environment set up, having MAINDB and SECUREDB as separate branches
user has create, drop authorization in users own database plus has grant and drop authorization in another work database throught a database role, for our example user database and work database are located under MAINDB
user has no permissions to SECUREDB but granted db to db rights on 2 databaes in the MAINDB branch - ex. granted select on db1 to db2.
There are no "Grant Admin" or Grant with Grant options selected.
How is this possible? Does the GRANT Authorization span outside of the database where it is granted?