Cross-database ownership chaining should be disabled
Default Severity: medium
Explanation
Cross-database ownership chaining, also known as cross-database chaining, is a security feature of SQL Server that allows users of one database to access other databases besides the one they are currently using.
Possible Impact
Unintended access to sensitive data
Suggested Resolution
Disable cross database ownership chaining
Insecure Example
The following example will fail the google-sql-no-cross-db-ownership-chaining check.
resource "google_sql_database_instance" "db" {
  name             = "db"
  database_version = "SQLSERVER_2017_STANDARD"
  region           = "us-central1"
  # No database_flags entry sets "cross db ownership chaining" to "off", so the check fails.
}
Secure Example
The following example will pass the google-sql-no-cross-db-ownership-chaining check.
resource "google_sql_database_instance" "db" {
  name             = "db"
  database_version = "SQLSERVER_2017_STANDARD"
  region           = "us-central1"
  settings {
    database_flags {
      name  = "cross db ownership chaining"
      value = "off"
    }
  }
}
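
The same rule can be applied to a rendered plan before it is applied. The following is an added example, not tfsec's own code: it assumes the `planned_values` layout of `terraform show -json` output, limits the rule to `SQLSERVER` versions as an assumption, and uses hypothetical function names and a constructed sample plan.

```python
import json

FLAG = "cross db ownership chaining"

def walk(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def chaining_disabled(values):
    """True only when the flag is explicitly present with the value 'off'."""
    for settings in values.get("settings") or []:
        for flag in settings.get("database_flags") or []:
            if flag.get("name") == FLAG:
                return str(flag.get("value", "")).lower() == "off"
    return False  # flag absent: reported, as in the insecure example

def find_violations(plan):
    """Return addresses of SQL Server instances that do not set the flag to off."""
    root = plan.get("planned_values", {}).get("root_module", {})
    bad = []
    for res in walk(root):
        values = res.get("values") or {}
        is_sqlserver = str(values.get("database_version", "")).startswith("SQLSERVER")
        if res.get("type") == "google_sql_database_instance" and is_sqlserver:
            if not chaining_disabled(values):
                bad.append(res["address"])
    return bad

# Constructed sample in the assumed plan-JSON layout (not real project data).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "google_sql_database_instance.insecure", "type": "google_sql_database_instance",
     "values": {"database_version": "SQLSERVER_2017_STANDARD", "settings": []}},
    {"address": "google_sql_database_instance.secure", "type": "google_sql_database_instance",
     "values": {"database_version": "SQLSERVER_2017_STANDARD", "settings": [
       {"database_flags": [{"name": "cross db ownership chaining", "value": "off"}]}]}}],
  "child_modules": [{"resources": [
    {"address": "module.app.google_sql_database_instance.on", "type": "google_sql_database_instance",
     "values": {"database_version": "SQLSERVER_2017_STANDARD", "settings": [
       {"database_flags": [{"name": "cross db ownership chaining", "value": "on"}]}]}}]}]
}}}
""")

if __name__ == "__main__":
    for address in find_violations(SAMPLE_PLAN):
        print(f"{address}: '{FLAG}' is not set to off")
```

An instance with the flag missing is reported the same way as one with the flag set to `on`, matching the insecure example above.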