Analysis of the conditions for granting and obtaining access rights in the MS SQL Server access control model

In this paper, the MS SQL Server access control model, based on the DBMS DP-model, is introduced. For taking into account the access control features of Microsoft SQL Server, the model includes roles, permissions to user accounts and roles, ownership chaining, user impersonation and activating procedures and triggers on behalf of the specified user accounts. The statement of the equivalence of the possibilities to execute arbitrary SQL-code on behalf of a specified account and to obtain the right of its impersonation is proved. Some necessary and sufficient conditions for obtaining and granting access rights by entities in the absence of cooperation between sessions are proved.