SQL Server database instance ‘cross db ownership chaining’ database flag should be set to ‘off’

Description

The SQL Server database instance flag ‘cross db ownership chaining’ allows you to control cross-database ownership chaining at the database level or to allow cross-database ownership chaining for all databases. This flag should be set to off unless all of the databases hosted on this instance must participate in cross-database ownership chaining and you are aware of the security implications of doing this.

Remediation Steps

Google Cloud Console

  • Navigate to Cloud SQL instances.

  • Click on the Cloud SQL SQL Server database instance name to go to the Overview page.

  • Click EDIT and scroll down to the Flags section.

  • Select ADD FLAG, choose the cross db ownership chaining flag, and set it to off.

  • Click DONE.

gcloud CLI

  • Set the cross db ownership chaining database flag to off for each Cloud SQL SQL Server database instance:

    • gcloud sql instances patch INSTANCE_NAME --database-flags "cross db ownership chaining=off"
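
The following is an added example, not part of the original page. It audits the JSON output of gcloud sql instances list --format=json for SQL Server instances where the flag is not explicitly off, and builds the patch command with the instance's other flags restated, because --database-flags replaces the whole flag set on the instance. The sample instances are constructed, and treating an unset flag as a finding is an assumption.

```python
import json
import shlex

FLAG = "cross db ownership chaining"

# Constructed sample in the shape of `gcloud sql instances list --format=json`
# (instance names and flag values are made up for this example).
SAMPLE = json.loads("""
[
  {"name": "sales-mssql", "databaseVersion": "SQLSERVER_2019_STANDARD",
   "settings": {"databaseFlags": [
     {"name": "cross db ownership chaining", "value": "on"},
     {"name": "remote access", "value": "off"}]}},
  {"name": "hr-mssql", "databaseVersion": "SQLSERVER_2019_STANDARD",
   "settings": {"databaseFlags": [
     {"name": "cross db ownership chaining", "value": "off"}]}},
  {"name": "ops-mssql", "databaseVersion": "SQLSERVER_2017_EXPRESS",
   "settings": {}},
  {"name": "web-pg", "databaseVersion": "POSTGRES_15", "settings": {}}
]
""")


def flags_of(instance):
    """Return the instance's database flags as a {name: value} dict."""
    flags = instance.get("settings", {}).get("databaseFlags") or []
    return {f["name"]: f.get("value", "") for f in flags}


def non_compliant(instances):
    """SQL Server instances without an explicit off (unset is flagged: assumption)."""
    return [i for i in instances
            if i.get("databaseVersion", "").startswith("SQLSERVER")
            and flags_of(i).get(FLAG, "").lower() != "off"]


def patch_command(instance):
    """Build the remediation command, carrying over the other flags."""
    flags = flags_of(instance)
    flags[FLAG] = "off"
    # --database-flags replaces the whole flag set, so every flag is restated.
    joined = ",".join(f"{k}={v}" for k, v in sorted(flags.items()))
    return "gcloud sql instances patch {} --database-flags {}".format(
        shlex.quote(instance["name"]), shlex.quote(joined))


if __name__ == "__main__":
    for inst in non_compliant(SAMPLE):
        print(patch_command(inst))
```

Flag values that themselves contain commas are not handled here and would need gcloud's alternate delimiter syntax.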