Re: View Security
From: Ali.M (Hate@Spam.com)
Date: 03/06/03
- Next message: Denny: "Re: View Security"
- Previous message: Steve Anderson: "Re: Win32/SQLSlammer.virus"
- In reply to: Denny: "Re: View Security"
- Next in thread: Denny: "Re: View Security"
- Reply: Denny: "Re: View Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ali.M" <Hate@Spam.com> Date: Wed, 5 Mar 2003 20:39:08 -0500
EnterpriseManager=>Server=>Security=>Logins
Please see attached picture.
"Denny" <mrdenny@gamespy.com> wrote in message news:#T#iD124CHA.1540@TK2MSFTNGP09.phx.gbl...
We might be getting confused on semantics. What are you referring to by server logins?
--
Denny Cherry
Database Administrator
GameSpy Industries
"A.M" <hate-spam@spam.com> wrote in message news:eAJk6j24CHA.2324@TK2MSFTNGP10.phx.gbl...
It doesn't work. I think enterprise manager doesn't use master.dbo.sysxlogins
"Denny" <mrdenny@gamespy.com> wrote in message news:ep0YcE24CHA.1540@TK2MSFTNGP09.phx.gbl...
Do you mean master.dbo.sysxlogins?
--
Denny Cherry
Database Administrator
GameSpy Industries
"A.M" <hate-spam@spam.com> wrote in message news:#RXL7214CHA.2248@TK2MSFTNGP12.phx.gbl...
That is grate. Thanks alot.
The only thing if we can also hide is list of server logins. Do you know how to do that ?
Thanks,
Ali
"Denny" <mrdenny@gamespy.com> wrote in message news:uwn7Bq14CHA.1612@TK2MSFTNGP11.phx.gbl...
You would need to deny execute access to master.dbo.sp_helptext.
I created a role in both master and my test Database.
I assigned the deny permissions to this role, and assigned the user to the role in both master and the test database. For your security level you'll probally want to deny select access to master.dbo.sysobjects and master.dbo.sysusers as well.
This should prevents your user from doing anything but selecting through query analyser or osql from the views you tell him about.
--
Denny Cherry
Database Administrator
GameSpy Industries
"A.M" <hate-spam@spam.com> wrote in message news:Oq$xhb14CHA.1888@TK2MSFTNGP10.phx.gbl...
That techniqe worked well. I also denied access to sysusers. Is there anyway that pervent them don't see the view difinition or sp difinition ?
Thanks,
Ali
"Denny" <mrdenny@gamespy.com> wrote in message news:OQS18B14CHA.1896@TK2MSFTNGP10.phx.gbl...
You can remove a users select access to sysobjects, which will stop them from being able to use EM to view the database, but will allow them to do a select from the view. The CRM group at my last company did this to me. Still not sure why, but it did work, and was very annoying.
--
Denny Cherry
Database Administrator
GameSpy Industries
"Tom Moreau" <tom@dont.spam.me.cips.ca> wrote in message news:OrBrn804CHA.2396@TK2MSFTNGP11.phx.gbl...
By default, you can examine the system objects. I imagine you could revoke SELECT permission on the various tables, procs, etc. Metadata is generally not considered sensitive.
--
Tom
---------------------------------------------------------------
Thomas A. Moreau, BSc, PhD, MCSE, MCDBA
SQL Server MVP
Columnist, SQL Server Professional
Toronto, ON Canada tom@cips.ca
www.pinnaclepublishing.com/sql
"A.M" <hate-spam@spam.com> wrote in message news:#RQ7P204CHA.1676@TK2MSFTNGP12.phx.gbl...
So you mean if we give small access to a user then the user will be able to see all database structure ? That is terrible vulnerability.
We have SCHEMA in Oracle so i can efficiently hide any part of database from user. Do we have similar thing in SQL server? I know SqlServer 2000 has scema capability. Can it solve my problem ?
Thanks,
Ali
"Tom Moreau" <tom@dont.spam.me.cips.ca> wrote in message news:#xtfKY04CHA.2408@TK2MSFTNGP09.phx.gbl...
Well, yes and no. You can create a view, proc or function and specify the WITH ENCRYPTION option. However, it is quite difficult to prevent users from seeing a list of objects.
--
Tom
---------------------------------------------------------------
Thomas A. Moreau, BSc, PhD, MCSE, MCDBA
SQL Server MVP
Columnist, SQL Server Professional
Toronto, ON Canada tom@cips.ca
www.pinnaclepublishing.com/sql
"A.M" <hate-spam@spam.com> wrote in message news:O$KCE2z4CHA.2408@TK2MSFTNGP09.phx.gbl...
Hi,
Can i limit a user to just run a select statemet on a view, but do not allow
him see the view definition or list of other database objects?
If i make a login member of database public role, then that user will be
able to see all database structue such as view/table/sp definitions.
We need to restrict a user and hide database structure from him. All we want
him to do is run a select statement on a view, but we don't want him to see
view structure.
Any help would be appreciated,
Ali
- Next message: Denny: "Re: View Security"
- Previous message: Steve Anderson: "Re: Win32/SQLSlammer.virus"
- In reply to: Denny: "Re: View Security"
- Next in thread: Denny: "Re: View Security"
- Reply: Denny: "Re: View Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
