Re: Read Only User - One Database

From: Uri Dimant (urid_at_iscar.co.il)
Date: 10/31/04

  • Next message: Peter B.L. Rasmussen: "Cannot generate SSPI Context error"
    Date: Sun, 31 Oct 2004 11:20:42 +0200
    
    

    Adrian
    In addition to Sue's advice, if you don't want the users to be able to select
    from system tables, you can hide them by editing the SQL Server registration.

    "Sue Hoegemeier" <Sue_H@nomail.please> wrote in message
    news:m745o01h1ck4l9e3262931g9nktach4ru3@4ax.com...
    > The public role is able to select from some of the system tables. All
    > database users are members of public. That's why the user can select
    > from some of the system tables.
    >
    > -Sue
    >
    > On Fri, 29 Oct 2004 08:55:09 -0400, "Adrian Maull (MCP)"
    > <no_spam@no_email.org> wrote:
    >
    > >I've deleted the guest account from other user DBs and the user can not
    > >see/connect to those DBs - good.
    > >
    > >I've unchecked the db_datareader role and only gave select permissions to 2
    > >views in the DB - that seems to work OK as well.
    > >
    > >However, the user can still select from system tables in the database they
    > >are assigned to. Any way to prevent that?
    > >
    > >"Sue Hoegemeier" <Sue_H@nomail.please> wrote in message
    > >news:og93o0loelonsc0tkhbhau449s6defp78l@4ax.com...
    > >> Which other databases? Most likely those are databases with
    > >> the guest account enabled. If a user doesn't have an account
    > >> to log into the database and the guest account is enabled,
    > >> the user has access through the guest account and whatever
    > >> rights are granted to public and this account. The guest
    > >> account cannot be deleted from master or tempdb. It can be
    > >> added, deleted from other databases.
    > >> When you added the user to the db_datareader role, you gave
    > >> that user permissions to select from all user tables.
    > >> Permissions are cumulative so the user obtains all
    > >> permissions through the combination of their individual
    > >> account and any groups, roles that they are members of. When
    > >> you also gave the individual account select permission on
    > >> views, the user ended up with those permissions as well as
    > >> select on all user tables.
    > >>
    > >> -Sue
    > >
    >
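
The checks and changes discussed in this thread, written out as a T-SQL script. This is an added example, not code posted by anyone in the thread; the database name SalesDB, the user ReportUser and the views dbo.vOrders and dbo.vCustomers are assumed names, and the script uses the long-standing system procedures sp_helpuser, sp_droprolemember and sp_helprotect.

```sql
-- Assumed names (not from the thread): SalesDB, ReportUser,
-- dbo.vOrders, dbo.vCustomers.
USE SalesDB
GO

-- 1. Is the guest account enabled in this database? If it is, a login
--    with no user of its own here still gets in as guest and picks up
--    whatever is granted to guest and to public.
SELECT name AS guest_with_access
FROM sysusers
WHERE name = 'guest' AND hasdbaccess = 1
GO

-- 2. Which roles does the user belong to? Permissions are cumulative,
--    so db_datareader membership means SELECT on every user table no
--    matter what is granted to the account individually.
EXEC sp_helpuser 'ReportUser'
GO

-- 3. Take the user out of db_datareader (raises an error if the user
--    is not a member, which is harmless here).
EXEC sp_droprolemember 'db_datareader', 'ReportUser'
GO

-- 4. Grant SELECT on the two views only.
GRANT SELECT ON dbo.vOrders TO ReportUser
GRANT SELECT ON dbo.vCustomers TO ReportUser
GO

-- 5. Review the result: first the grants made directly to the user,
--    then the grants made to public. Every database user is a member
--    of public, so the second list (which includes the system tables
--    the user can still read) applies to ReportUser as well.
EXEC sp_helprotect @username = 'ReportUser'
EXEC sp_helprotect @username = 'public'
GO
```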

