Bulk Insert failed when executed from remote client but success on local
Please find the diagram as below for my issue:
I have 3 servers in the same domain, there is a SQL Server instance A (it's windows service run under domain\User1), In this instance, we have a Stored Procedure used for BULK INSERT a text file from a network shared folder in server C, the domain\User1 has full permissions on this folder.
My issue is: The Stored Procedure runs ok (green arrow) when connecting by SSMS in its (server A). But it failed when I change to SSMS in server B (log in by the same domain\User1 to the same Instance A). The error is "Access denied" to the text file (red arrow). Does the client have a role in this? I think the client does not matter, the file reading is done from the server (by the user that run Instance A service)
Note: If I connect Instance A from SSMS B with SQL Logon User (not windows account), the stored procedure works fine.
Could anyone give me some advice and sorry for my bad English
This is just a link answer but hopefully it helps.
BTW I commend you for taking the time to analyse the issue to the extent of drawing a diagram. This is far higher quality than most questions on here.
I believe you are running into a double hop issue. I searched everywhere for the BULK INSERT permission model and finally found this https://dba.stackexchange.com/questions/189676/why-is-bulk-insert-considered-dangerous
which says this about using BULK INSERT:
When accessing SQL Server via a Windows Login, that Windows account will be impersonated (even if you switch the security context using EXECUTE AS LOGIN='...') for doing the file system access
and this
when accessing SQL Server via a SQL Server Login, then the external access is done in the context of the SQL Server service account
When you have issues with windows authentication and there is three servers and impersonation, it's often a double hop issue.
This may help you with that:
https://dba.stackexchange.com/questions/44524/bulk-insert-through-network
Which in turn references this:
- Providing string variable into Dynamic SQL SELECT statement WITHOUT it being read as a column name?
- How can I find out what FOREIGN KEY constraint references a table in SQL Server?
- Why ISDATE() is returning 9996 as date?
- .NET 8 & SQL Server 2016 - Contains() throws error
- IsDate Function in SQL evaluates invalid dates as valid
- SQL Server - Value passes ISDATE() but fails to CAST as DATE or DATETIME
- Error when connecting to SQL Server in deno: 'cannot find module crypto'
- Multiple many-to-many and multiple one-to-one relationships in the same entities
- SQL Server DATEDIFF round up the YEAR difference. How to round it down?
- Path table to HTML treeview in SQL Server
- SUM and Decimal precision
- Parse TEXT datatype column to grab values based on TAGS
- How can I create a tar file in memory from several varbinary(max) columns stored in SQL Server using .NET native API?
- collation conflict between "Hebrew_CI_AS" and "SQL_Latin1_General_CP1_CI_AS"
- Maintaining property order with get-member
- migrate data from MS SQL to PostgreSQL?
- Add multiple conditional values to one column
- Read Committed vs Read Uncommitted if both transactions do not rollback
- SQL YEAR(GETDATE())
- VIEW with NOLOCK but called without NOLOCK
- SQL Merge WHEN NOT MATCHED BY SOURCE THEN on filtered source and targed tables
- SQL obtain timestamps for end datetime row 1 and start timestamp row 2
- Tricky SQL update
- Remove Identity from a column in a table
- Return 1 if value is 0 without CASE statement
- Append string text based on pattern search SQL
- How to find Cyrillic font (russian characters)?
- Query Azure SQL Database using Rest-API
- DATENAME and DATEPART in SQL
- MySQL PDO Fetch TableName like **