Re: Read Only User - One Database

• Previous message: Adrian Maull \(MCP\): "Re: Read Only User - One Database"
• In reply to: Adrian Maull \(MCP\): "Re: Read Only User - One Database"
• Next in thread: Uri Dimant: "Re: Read Only User - One Database"
• Reply: Uri Dimant: "Re: Read Only User - One Database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 29 Oct 2004 13:01:01 -0600

The public role is able to select from some of the system tables. All
database user are members of public. That's why the user can select
from some of the system tables.

-Sue

On Fri, 29 Oct 2004 08:55:09 -0400, "Adrian Maull \(MCP\)"
<no_spam@no_email.org> wrote:

>I've deleted the guest account from other user DBs and the user I can not
>see/connect to those DBs - good.
>
>I've unchecked the db_datareader role and only gave select permissions to 2
>views in the DB - that seems to work OK as well.
>
>However, the user can still select from system tables in the database they
>are assigned to. Any way to prevent that?
>
>"Sue Hoegemeier" <Sue_H@nomail.please> wrote in message
>news:og93o0loelonsc0tkhbhau449s6defp78l@4ax.com...
>> Which other databases? Most likely those are databases with
>> the guest account enabled. If a user doesn't have an account
>> to log into the database and the guest account is enabled,
>> the user has access through the guest account and whatever
>> rights are granted to public and this account. The guest
>> account cannot be deleted from master or tempdb. It can be
>> added, delete from other databases.
>> When you added the user to the db_datareader role, you gave
>> that user permissions to select from all user tables.
>> Permissions are cumulative so the user obtains all
>> permissions through the combination of their individual
>> account and any groups, roles that they are members of. When
>> you also gave the individual account select permission on
>> views, the user ended up with those permissions as well as
>> select on all user tables.
>>
>> -Sue
>

• Previous message: Adrian Maull \(MCP\): "Re: Read Only User - One Database"
• In reply to: Adrian Maull \(MCP\): "Re: Read Only User - One Database"
• Next in thread: Uri Dimant: "Re: Read Only User - One Database"
• Reply: Uri Dimant: "Re: Read Only User - One Database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Execute Persmission denied on object sp_OACreate ... If so what access and permissions. ... The account is a windows account. ... One method to test permissions is to log in to your SQL Server box using the ... >>> SA account password and gaining access to the database. ... (microsoft.public.sqlserver.security) Re: Access database, network access problems ... It turns out it is a permissions problem, but, the cause is still unknown. ... If I was to replace this account with my own, the connection works, and I ... webserivce that returns data from a small access database; ... > engine will attempt to create an .LDB file. ... (microsoft.public.dotnet.framework.adonet) Re: Business Data Catalog (BDC) -- Does Not Work -- Sharepoint 2007 Beta ... following grant permissions: ... TSQL Local Machine ... Also both have Permission to Connect to Database engine set to Grant ... Application Settings->Server process account for the BDC is selected ... (microsoft.public.sharepoint.portalserver) Re: Problems accessing an MS Access 2000 DB in ASP ... > which currently ressides on the new providers server as they support ... In this database there is only one ... > the appropriate permissions for you. ... IWAM_machinename account also needs those permissions. ... (microsoft.public.inetserver.asp.general) Re: Please! Doesnt anyone know a better way to do this? ... account, they need to automatically be directed to the page to enter data ... session variable on the Account page. ... I assume here that you're checking a database when the user attempts to ... When a new user attempts to login or clicks to register, ... (microsoft.public.dotnet.framework.aspnet)