When DROP USER Doesn’t Fully Drop Access: Stale EXTERNAL MODEL Permissions in SQL Server’s AI Integrations
Read OriginalThis article investigates a security-relevant design issue in SQL Server 2025's AI integration and vector search capabilities. It describes a permission lifecycle bug where EXTERNAL MODEL permissions remain in sys.database_permissions after a user is dropped, and the reused principal_id can cause stale permissions to attach to new principals. While direct privilege escalation requires additional credential permissions, overlapping credential access can lead to unintended access to external AI models. The article emphasizes the importance of deterministic security behavior in deprovisioning and access governance.
Comments
No comments yet
Be the first to share your thoughts!
Browser Extension
Get instant access to AllDevBlogs from your browser
Top of the Week
No top articles yet