2.3 Ensure 'Cross DB Ownership Chaining' Server Configuration Option is set to '0'


The cross db ownership chaining option controls cross-database ownership chaining across all databases at the instance (or server) level.


When enabled, this option allows a member of the db_owner role in a database to gain access to objects owned by a login in any other database, causing an unnecessary information disclosure. When required, cross-database ownership chaining should only be enabled for the specific databases requiring it instead of at the instance level for all databases by using the ALTER DATABASE <database_name> SET DB_CHAINING ON command. This database option may not be changed on the master, model, or tempdb system databases.


Run the following T-SQL command:

EXECUTE sp_configure 'cross db ownership chaining', 0;

Default Value:

By default, this option is disabled (0).

See Also