Assume the existence of database A, user B, and user C.
User B has SELECT access to database A. User C does not have access to database A.
User B creates a stored procedure. The stored procedure creates tables in user B's database from the data in database A based on parameters passed to the stored procedure. The stored procedure creates views to expose the data from the newly created tables to user C.
The stored procedure has SQL SECURITY CREATOR. User C is granted execute procedure permission on the stored procedure created by user B.
When user B executes the stored procedure everything works. When user C executes the procedure an error is generated saying that the user does not have select permission on a table/field in database A.
Since SQL SECURITY CREATOR was specified I would expect that the stored procedure should be able to access this data since the stored procedure creator has access. However, it looks like that is not the case. So my question is whether there is some way to get the stored procedure to work the same for user C as it does for user B without granting user C permissions to database A?