Quantcast
Channel: SQL Service Broker forum
Viewing all articles
Browse latest Browse all 461

Service Broker and "the module being executed is not trusted"

$
0
0

We are having an issue executing a stored procedure from a queue in the Service Broker.  Trying to executed the following stored procedure:

EXEC usp_StoredProcedureQueue_Enqueue @StoredProcedureName='dbo.sp_WhoIsActive', @StoredProcedureParameters=''

Get the following error:

The module being executed is not trusted. Either the owner of the database of the module needs to be granted authenticate permission, or the module needs to be digitally signed.

The queue looks like this:

ALTER QUEUE [dbo].[ReceiveProcedureQueue] WITH STATUS = ON , RETENTION = OFF , ACTIVATION (  STATUS = ON , PROCEDURE_NAME = [dbo].[usp_StoredProcedureQueue_Process] ,
MAX_QUEUE_READERS = 10 , EXECUTE AS OWNER ), POISON_MESSAGE_HANDLING (STATUS = ON)

Here is the main code from stored procedure usp_StoredProcedureQueue_Process:

DECLARE @tblMessage TABLE(Message_Body XML);

RECEIVE TOP(1) CONVERT(XML, message_body)
FROM ReceiveProcedureQueue
INTO @tblMessage

SELECT @cSQL = ('EXEC ' + c.value('Name[1]','VARCHAR(MAX)') + ' ' + c.value('ParameterString[1]','VARCHAR(MAX)'))
FROM @tblMessage
CROSS APPLY Message_Body.nodes('StoredProcedure') AS t(c)

EXEC sp_executeSql @cSQL

The error occurs because of executing sp_executesql from within sp_WhoIsActive.  We're using sp_WhoIsActive as a test because we have a need to use sp_executesql in this scenario.

I've tried different variations of "EXECUTE AS" in the queue and have "signed" the aforementioned stored procedures but nothing seems to work.  Wasn't able to "sign" sp_executesql as changes are not allowed to this stored proc.

Enabling the setting TRUSTWORTHY in the database allows this all to work fine, but from a security perspective, it's not an ideal situation.

Any ideas on how to get this to work?  Thanks.


Viewing all articles
Browse latest Browse all 461

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>