Search code examples
sql-serversql-server-2008sql-server-2008-r2bulk-loadnetwork-security

OPENROWSET BULK Permissions to Shared Folder


OBJECTIVE

Use the OPENROWSET feature to JOIN data in a query against a text file.

ERROR

Leveraging the answer from @gbn on this question I am trying to open a row set just like the OP; though the format of the file is a bit different. However, I'm getting the following error trying to access a shared folder:

Msg 4861, Level 16, State 1, Line 1

Cannot bulk load because the file "\MACHINENAME\Share\EC04.txt" could not be opened. Operating system error code 5(Access is denied.).

BACKGROUND

Please understand, I do not and will not have access to the SQL server and so I cannot place a file there.

The file resides on a Windows 7 x64 machine.

The folder has been shared as Read/Write with Everyone.

QUESTION

Can somebody help me understand what other security I need to give to allow the SQL server to access this folder?


Solution

  • If you are logged in as a SQL login then you must create a credential for this login and this credential must have sufficient privileges to read the share.

    If you are logged in as a Windows login then you must enable Kerberos constrained delegation for the SQL Server service account.

    Right now it seems you're using a Windows login and because the impersonated context cannot flow through the 'double hop' the authentication resolves to ANONYMOUS LOGON, which is not member of Everyone, hence the access denied. All this is exactly the expected behavior. Consult your network administrator about how to setup constrained delegation for the SQL Server service account targeting your desired share.