Re: Deny Access to SQL Server Login
From: Russell Fields (rlfields_at_sprynet.com)
Date: 08/27/03
- Next message: alicia t: "lost membership in builtin/adminstrators"
- Previous message: Russell Fields: "Re: MSDE 2000 SA Account Password"
- In reply to: John Aspenleiter: "Re: Deny Access to SQL Server Login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Aug 2003 10:58:46 -0400
John,
Have you looked at the sp_denylogin stored procedure?
It is not in itself a neat and clean sweeping answer, but is a tool. I
would think that you could create a Windows group that contains all the
logins you want to occasionally deny rights to. Then you could do something
like:
sp_denylogin [MyDomain\GroupToBeRestricted]
-- do my other stuff that needed privacy
sp_grantlogin [MyDomain\GroupToBeRestricted]
I have to confess that I have never done this. :-) When I want privacy in a
database for some work, I usually want it to be in either single_user or
restricted_user mode: E.g.
ALTER DATABASE mydatabase
SET SINGLE_USER WITH ROLLBACK IMMEDIATE
Russell Fields
"John Aspenleiter" <jaspenle@strong.com> wrote in message
news:0e2a01c36ca4$4a941180$a301280a@phx.gbl...
> Thanks for the reply Kimberly. It would be nice to be
> able to single out logins that you need locked out. To
> me, it seems like something they forgot to include...
>
> John
>
>
> >-----Original Message-----
> >If you want to block ALL users from getting NEW
> connections then you could
> >"pause" SQL Server. If you only want to prevent some
> users from ALL
> >databases then this is not an option... Not a bad design
> change request
> >(send an email to sqlwish@microsoft.com).
> >
> >BUT - if you're really trying to block all users from a
> specific database
> >because you're trying to do maintenance on a specific
> database - then how
> >about setting that database to "restricted_user" and it
> will only allow DBO?
> >Maybe that will work? The syntax is
> > ALTER DATABASE dbname
> > SET RESTRICTED_USER
> >
> >hth,
> >kt
> >
> >--
> >Please reply only on the newsgroups! Include dml/ddl,
> when possible.Thanks
> >Kimberly L. Tripp
> >President, SYSolutions, Inc. www.SQLSkills.com
> >Principal Mentor, Solid Quality Learning
> www.SolidQualityLearning.com
> >
> >
> >"John Aspenleiter" <jaspenle@strong.com> wrote in message
> >news:056201c36c15$c3a10a90$a101280a@phx.gbl...
> >> My question has to do with SQL Server logins in SQL
> Server
> >> 2000. I know that nt accounts with sql server you have
> >> the ability to deny access to certain nt accounts. How
> >> would you deny access to SQL Server accounts?
> >>
> >> sp_addlogin john, john, master
> >>
> >> EXEC sp_denylogin 'john'
> >>
> >> Server: Msg 15407, Level 11, State 1, Procedure
> >> sp_denylogin, Line 31
> >> 'john' is not a valid Windows NT name. Give the complete
> >> name: <domain\username>.
> >>
> >> I need the ability to lockout logins for maintenance
> >> purposes. I don't know of a clean way to block logins
> >> from accessing sql server...
> >>
> >> Thanks!
> >>
> >> John
> >
> >
> >.
> >
- Next message: alicia t: "lost membership in builtin/adminstrators"
- Previous message: Russell Fields: "Re: MSDE 2000 SA Account Password"
- In reply to: John Aspenleiter: "Re: Deny Access to SQL Server Login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
