Jeremy Davis
Sitecore, C# and web development
One of the projects I'm working on at the moment came with a requirement to change Sitecore v9.1 from running with the default SQL Security accounts to trusted connections using specific Active Directory accounts that the client provided. While there's a bit of work to do to enable this, it shouldn't be too tough. But trying to be a bit clever, I hit upon an issue which seemed worth documenting...
url copied!
So you'd hope that they'd be helpful if you need to move from one set of database accounts to another...
url copied!
USE [MyInstance_Xdb.Collection.Shard0] GO [xdb_collection].[GrantLeastPrivilege] 'Domain\ProcessAccountName'
I got success. It would write out all the changes it made. But when I called the same procedure in other databases, with the same approach
USE [MyInstance_ProcessingEngineStorage] GO [sitecore_processing_storage].[GrantLeastPrivilege] 'Domain\ProcessAccountName'
I got error messages instead – saying something like:
Msg 102, Level 15, State 1, Line 9 Incorrect syntax near '\'.
When I tested it, across all the non-content databases, it broke on ProcessingEngineStorage, MarketingAutomation, Processing.Pools, Processing.Tasks, ProcessingEngineTasks and ReferenceData.
Looking at the underlying code, the scripts which work run statements in the form of
EXECUTE('grant execute on TYPE::[database].[thing] TO [' + @Name + ']')
and the ones that fail look like
EXECUTE('grant execute on TYPE::[database].[thing] TO ' + @Name)
so it's pretty easy to tweak them to be successful. But it's a bit of a pain that this doesn't work out of the box. So I've reported this to Sitecore Support, who have accepted it's a bug. If you're hitting this issue too, make reference to bug 331327.
(And yes, I'm aware of the whole "string concatenation is dangerous when generating SQL statements thing – that's a debate for another day)
↑ Back to top
