Re: Read Only User - One Database

• Previous message: Dejan Sarka: "Re: Database Role & Application"
• In reply to: Sue Hoegemeier: "Re: Read Only User - One Database"
• Next in thread: Sue Hoegemeier: "Re: Read Only User - One Database"
• Reply: Sue Hoegemeier: "Re: Read Only User - One Database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 29 Oct 2004 08:55:09 -0400

I've deleted the guest account from other user DBs and the user I can not
see/connect to those DBs - good.

I've unchecked the db_datareader role and only gave select permissions to 2
views in the DB - that seems to work OK as well.

However, the user can still select from system tables in the database they
are assigned to. Any way to prevent that?

"Sue Hoegemeier" <Sue_H@nomail.please> wrote in message
news:og93o0loelonsc0tkhbhau449s6defp78l@4ax.com...
> Which other databases? Most likely those are databases with
> the guest account enabled. If a user doesn't have an account
> to log into the database and the guest account is enabled,
> the user has access through the guest account and whatever
> rights are granted to public and this account. The guest
> account cannot be deleted from master or tempdb. It can be
> added, delete from other databases.
> When you added the user to the db_datareader role, you gave
> that user permissions to select from all user tables.
> Permissions are cumulative so the user obtains all
> permissions through the combination of their individual
> account and any groups, roles that they are members of. When
> you also gave the individual account select permission on
> views, the user ended up with those permissions as well as
> select on all user tables.
>
> -Sue

• Previous message: Dejan Sarka: "Re: Database Role & Application"
• In reply to: Sue Hoegemeier: "Re: Read Only User - One Database"
• Next in thread: Sue Hoegemeier: "Re: Read Only User - One Database"
• Reply: Sue Hoegemeier: "Re: Read Only User - One Database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Cant Remember How to Setup User Accounts ... I don't like having the guest account enabled on an XP Pro computer as it ... Then you can use NTFS folder permissions to manage what users on your ... EFS file encryption built in. ... (microsoft.public.windowsxp.security_admin) Re: Read Only User - One Database ... No....nothing about someone creating the guest account but I ... don't know what databases the user is accessing. ... >> that user permissions to select from all user tables. ... (microsoft.public.sqlserver.security) Re: Read Only User - One Database ... Which other databases? ... If a user doesn't have an account ... to log into the database and the guest account is enabled, ... that user permissions to select from all user tables. ... (microsoft.public.sqlserver.security) Re: Help with Guest account ... I meant to say that I never use the built in guest account - ... problem accessing the internet with it as it uses that same network ... (microsoft.public.windowsxp.security_admin) Re: Help with Guest account ... taking advantage of the built in Help for XP. ... you are saying about the guest account. ... problem accessing the internet with it as it uses that same network ... (microsoft.public.windowsxp.security_admin)