SQL permissions function fails in tempdb

From: james (james_at_discussions.microsoft.com)
Date: 10/07/04

• Next message: boon: "Re: Question on C2 Log"
• Previous message: Trek Fan: "Application and Data Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 6 Oct 2004 16:25:01 -0700

I have noticed that the function “permissions” in SQL Server does not work
for tables in tempdb. This also causes the system stored procedures
sp_tables and sp_columns to fail when used in tempdb.

I suspect this is actually a deeper issues than just the “permissions”
function, likely the actual permissions of temp tables and the fact that they
are all owned by dbo.

I’m curious if anyone else has come across this or knows anything about it.

To see the problem, run the script below for a regular user and run it for
sa (or another system administrator level user). Open two sessions in Query
Analyzer, one for sa and one for a regular user. Set both databases to
tempdb, run the scripts and compare the results.

CREATE TABLE #t
(
 low int,
 high int
)

--regular user returns 0 indicating no permissions, admin returns 4096
indicating SELECT permissions for the table
select permissions (o.id)&4096, permissions(o.id), * from sysobjects o where
name like '#t_%'

--both regular user and sa can select from their table
select * from #t

In addition to that, when you create a temp table as a regular user, then
check the permissions from an sa connection, it indicates the sa user has
privileges to read the table, even though that table cannot be read from the
sa connection. In the sa session, check the permission of the table created
by the regular user. It will show 4096 indicating permissions to select from
the table. Try to select from the table and you will get an error because
even sa does not have permissions to read a temporary table created by
another user. No one has access to temporary tables except the connection
that made them.

My reason for asking about this is that a third-party software package we
use has started calling sp_tables to validate tables and it fails because the
tables are in tempdb.

• Next message: boon: "Re: Question on C2 Log"
• Previous message: Trek Fan: "Application and Data Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: enable "runas" under account, without log into workstations ? ... > regular user with some permissions mods to program files folder, ... > help with tracking down permissions problems if you logon as regular user ... item 1 states that you create the account as an admin. ... (microsoft.public.windows.server.networking) Re: Restrict browsing partitions/directories hard disk ... The question I didn't see asked is ..."What permissions does the user have?" ... if a regular user is ... > cannot be run by that user anymore. ... > while startup remains error-free and all programs can still be run? ... (microsoft.public.win2000.security) RE: My regular user login suddenly doesnt see any printer on my win2k3 server ... the user needs to have the permissions. ... Check if the regular user has the permission to use the printer. ... please refer to the following article. ... 324738 How To Configure Printer and Print Server Settings in Windows Server ... (microsoft.public.win2000.advanced_server) Re: Question regarding microsoft security policy ... Microsoft does not consider an application certified for Windows 2000 [or whatever ... permissions to give regular users the same permissions as power users. ... then you can logon to a computer as a regular user and then use runas ... (microsoft.public.win2000.security) Re: Thank you very much...again ... The reason that we need to grant ... delete..etc permissions on tempdb. ... >database which would avoid some of this. ... (microsoft.public.sqlserver.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint