EXECUTE AS vs. SETUSER
In SQL Server 2005, the context in which a string, command, or module is executed can be explicitly set by using the EXECUTE AS statement. EXECUTE AS replaces the SETUSER statement.
TRUSTWORTHY Database Property
Because a database that is attached to an instance of SQL Server cannot be immediately trusted, the database is not allowed to access resources beyond the scope of the database until the database is explicitly marked trustworthy. Also, modules that are designed to access resources outside the database, and assemblies with either the EXTERNAL_ACCESS and UNSAFE permission setting, have additional requirements in order to run successfully.
SQL Server Security : The TRUSTWORHY bit database property in SQL Server 2005
References and links
· TRUSTWORTHY Database property
· Security Considerations for Databases and Database Applications
· Understanding Context Switching
· Extending Database Impersonation using Execute As
SQL Server Security : The TRUSTWORHY bit database property in SQL Server 2005
The TRUSTWORHY bit database property in SQL Server 2005
In SQL Server 2005 we introduced a new database property named TRUSTWORTHY bit (TW bit for short) at the database level in order to work as a safeguard to reduce the default surface area regarding some powerful new features: EXECUTE AS USER and CLR assemblies. These new features are really powerful, but without the TW bit they would be ultimately under the control of the DBO and can potentially be misused to escalate privileges in the system