
Disable "Cross DB Ownership Chaining" Flag for SQL Server Database Instances

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: CloudSQL-005

Ensure that "cross db ownership chaining" database flag is disabled for your Google Cloud SQL Server database instances.

This rule resolution is part of the Conformity Security & Compliance tool for GCP.

Security

The "cross db ownership chaining" configuration flag controls whether cross-database ownership chaining is permitted for all of the databases hosted on a SQL Server instance. When it is enabled, a principal who is granted access to a view or stored procedure in one database can reach objects in another database owned by the same login without SQL Server checking permissions on those target objects, which bypasses the per-database access boundary. Enabling the "cross db ownership chaining" flag is therefore not recommended unless every database hosted by the SQL Server instance needs to participate in cross-database ownership chaining and you are fully aware of the security implications of this configuration setting.

Note: Some database flag settings can affect instance availability and/or stability, and may remove the SQL Server instance from the Google Cloud SQL Service Level Agreement (SLA).


Audit

To determine if "cross db ownership chaining" flag is disabled for your Google Cloud SQL Server database instances, perform the following operations:

Using GCP Console

01 Sign in to Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to access from the console top navigation bar.

03 Navigate to Cloud SQL Instances dashboard at https://console.cloud.google.com/sql/instances.

04 Click inside the Filter text box, select Type and SQL Server, then press Enter to list only the SQL Server database instances provisioned for the selected GCP project.

05 Click on the name (ID) of the database instance that you want to examine.

06 In the navigation panel, select Overview to access the configuration details of the selected instance.

07 In the Configuration section, under Database flags, check the value set for the cross db ownership chaining database flag. If cross db ownership chaining is set to on, the "cross db ownership chaining" database flag is currently enabled for the selected Google Cloud SQL Server database instance, therefore the database configuration is not compliant. If the flag is not listed at all, it has its default value of off.

08 Repeat steps no. 5 – 7 to check the "cross db ownership chaining" flag configuration for other SQL Server instances available within the selected project.

09 Repeat steps no. 2 – 8 for each project deployed in your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) using custom query filters to list the IDs of all the Google Cloud Platform (GCP) projects available in your Google Cloud account:

gcloud projects list \
	--format="table(projectId)"

02 The command output should return the requested GCP project identifiers:

PROJECT_ID
cc-ms-web-project-123123
cc-mobile-project-123123

03 Run sql instances list command (Windows/macOS/Linux) using custom filtering to describe the name of each SQL Server database instance provisioned for the selected Google Cloud project:

gcloud sql instances list \
	--project cc-ms-web-project-123123 \
	--filter='DATABASE_VERSION:SQLSERVER*' \
	--format="(NAME)"

04 The command output should return the requested database instance name(s):

NAME
cc-web-sql-server-instance
cc-app-sql-server-instance

05 Run sql instances describe command (Windows/macOS/Linux), passing the name of the SQL Server database instance that you want to examine as the identifier parameter and using a jq filter to extract the "cross db ownership chaining" flag value set for the selected database instance:

gcloud sql instances describe cc-web-sql-server-instance \
	--format=json | jq '.settings.databaseFlags[] | select(.name=="cross db ownership chaining") | .value'

06 The command output should return the requested flag configuration value:

"on"

If the sql instances describe command output returns "on", the "cross db ownership chaining" database flag is enabled for the selected Google Cloud SQL Server database instance, therefore the instance configuration is not compliant. An empty output means the flag has never been set on the instance and keeps its default value of off.

07 Repeat steps no. 5 and 6 to verify the "cross db ownership chaining" flag configuration value for other SQL Server instances created for the selected project.

08 Repeat steps no. 3 – 7 for each project available within your Google Cloud account.

Remediation / Resolution

To turn off the "cross db ownership chaining" database flag for your Google Cloud Platform (GCP) SQL Server database instances, perform the following actions:

Using GCP Console

01 Sign in to Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to access from the console top navigation bar.

03 Navigate to Cloud SQL Instances dashboard at https://console.cloud.google.com/sql/instances.

04 Click inside the Filter text box, select Type and SQL Server, then press Enter to display only the SQL Server instances available for the selected project.

05 Click on the name/ID of the database instance that you want to reconfigure.

06 In the navigation panel, select Overview to access the configuration details of the selected instance.

07 Click on the Edit button from the dashboard top menu to access the instance edit mode.

08 In the Customize your instance section, click on Flags and parameters to expand the panel with the database flags configured for the selected instance.

09 Find the cross db ownership chaining flag and turn it off by selecting off from the flag configuration dropdown list. If the flag has not been set on the selected instance before, click Add item, choose the cross db ownership chaining flag from the Choose one dropdown menu, and set its value to off. Click Close to close the panel.
IMPORTANT: Configuring the "cross db ownership chaining" flag automatically restarts the selected database instance.

10 Click Save to apply the changes.

11 Repeat steps no. 5 – 10 to configure the required flag for other SQL Server database instances available within the selected project.

12 Repeat steps no. 2 – 11 for each project deployed in your Google Cloud account.

Using GCP CLI

01 Run sql instances patch command (Windows/macOS/Linux), passing the name of the SQL Server database instance that you want to reconfigure as the identifier parameter (see Audit section part II to identify the right resource), to disable the "cross db ownership chaining" database flag for the selected SQL Server database instance:

gcloud sql instances patch cc-web-sql-server-instance \
	--database-flags "cross db ownership chaining=off"

Note: The sql instances patch command overwrites all the database flags previously set on the instance. To keep the existing flags and add new ones, include the values for all flags that must remain set on the SQL Server instance in the same --database-flags argument (comma-separated). Any database flag not explicitly included is reset to its default value. For flags that do not take a value, specify the flag name followed by the equal sign ("=").
IMPORTANT: Configuring the "cross db ownership chaining" flag automatically restarts the selected database instance.

02 Type Y to confirm the database configuration change:

The following message will be used for the patch API method.
{"name": "cc-web-sql-server-instance", "project": "cc-ms-web-project-123123", "settings": {"databaseFlags": [{"name": "cross db ownership chaining", "value": "off"}]}}
WARNING: This patch modifies database flag values, which may require your instance to be restarted. Check the list of supported flags - https://cloud.google.com/sql/docs/sqlserver/flags - to see if your instance will be restarted when this patch is submitted.
Do you want to continue (Y/n)? Y

03 The output should return the sql instances patch command request status:

Patching Cloud SQL instance...done.
Updated [https://sqladmin.googleapis.com/sql/v1beta4/projects/cc-ms-web-project-123123/instances/cc-web-sql-server-instance].

04 Repeat steps no. 1 – 3 to configure the required flag for other SQL Server database instances provisioned for the selected project.

05 Repeat steps no. 1 – 4 for each project created within your Google Cloud account.
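The Audit and Remediation CLI steps above can be automated over the JSON that sql instances describe returns. The script below is an added example, not Conformity's or Google's own code: it evaluates the compliance rule on a constructed sample of describe output and builds the full --database-flags value for sql instances patch so that the other flags already on the instance survive the overwrite described in the note. Instance and flag names in the sample are placeholders.

```python
import json
from typing import Optional

FLAG = "cross db ownership chaining"

# Constructed sample of `gcloud sql instances describe <name> --format=json`
# output, trimmed to the fields this check needs (names are placeholders).
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "name": "cc-web-sql-server-instance",
    "databaseVersion": "SQLSERVER_2019_STANDARD",
    "settings": {
        "databaseFlags": [
            {"name": FLAG, "value": "on"},
            {"name": "remote access", "value": "off"},
        ]
    },
})


def flag_value(instance: dict) -> Optional[str]:
    """Return the configured value of the flag, or None when it is unset."""
    for f in instance.get("settings", {}).get("databaseFlags", []):
        if f.get("name") == FLAG:
            return f.get("value")
    return None


def is_compliant(instance: dict) -> bool:
    """Only SQL Server engines are in scope. An unset flag keeps the Cloud SQL
    default of off, so only an explicit "on" is a finding."""
    if not instance.get("databaseVersion", "").startswith("SQLSERVER"):
        return True
    return flag_value(instance) != "on"


def remediation_flags(instance: dict) -> str:
    """Build the --database-flags argument for `gcloud sql instances patch`.
    The patch replaces the whole flag list, so every other flag is carried
    over unchanged and only this one is forced to off. Quote the result in
    the shell, since flag names contain spaces."""
    kept = {f["name"]: f.get("value", "")
            for f in instance.get("settings", {}).get("databaseFlags", [])}
    kept[FLAG] = "off"
    return ",".join(f"{name}={value}" for name, value in kept.items())


def audit(describe_json: str) -> dict:
    """Evaluate one instance and, if non-compliant, propose the patch value."""
    inst = json.loads(describe_json)
    ok = is_compliant(inst)
    return {"name": inst["name"], "compliant": ok,
            "flags_for_patch": None if ok else remediation_flags(inst)}
```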

Publication date Apr 12, 2021