Re: Visual Studio gives direct dbo access to Sql Server 2000 ??? <<Update>>
From: BBFrost (barry.b.frost_at_remove_this.wrd.state.or.us)
Date: 07/19/05
- Next message: Uri Dimant: "Re: How to control the security in this case?"
- Previous message: BBFrost: "Visual Studio gives direct dbo access to Sql Server 2000 ???"
- In reply to: BBFrost: "Visual Studio gives direct dbo access to Sql Server 2000 ???"
- Next in thread: Dan Artuso: "Re: Visual Studio gives direct dbo access to Sql Server 2000 ??? <<Update>>"
- Reply: Dan Artuso: "Re: Visual Studio gives direct dbo access to Sql Server 2000 ??? <<Update>>"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 18 Jul 2005 16:43:17 -0700
New Info ...
A couple of the developers turned out to be NT Domain administrators. We
removed the developers from the NT Domain Admin list and they now have to
login (over and over again) to access their tables. They're not very happy.
So far it seems that being an NT Domain Administrator allows one to "Blow
Right past" Sql Server's Security checks and access the server with "dbo"
rights.
Can anyone elaborate on what's going on here ??? Is there a way to allow
the developers to be NT Domain Admins without automatically granting them
"cart blanc" DB access ??
Again ... Thanks in advance.
Barry
in Oregon
"BBFrost" <barry.b.frost@remove_this.wrd.state.or.us> wrote in message
news:ew9p9j#iFHA.2472@TK2MSFTNGP15.phx.gbl...
> Greetings,
>
> I'm a new Sql Server administrator and I just received a shock ... We've
> set up a pretty much default instance of Win2003 server and SqlServer
2000.
>
> Just told the developers that I'd set up a test Sql Server instance and
told
> them the name. Shortly there after I found that they were connecting from
> Visual Studio are getting automatic 'dbo' access.
>
> Tables and views are popping up all over the place, all owned by dbo and
I'm
> having a tough time figuring out what's going on.
>
> I've set the Sql Server 2000 Security parameters to "Sql Security &
Windows"
> and I've created individual user accounts for our test database. (The
> security options I see are "SQL Server and Windows" & "Windows Only".
> Selecting "SQL Server and Windows" doesn't seem to limit the developers
from
> charging in with "Window Only" access.
>
> For example "smithca" has a Windows NT Domain account and Visual Studio.
>
> Within the test_db_server database I've created a "smithca" user account.
>
> With the test_db "smithca" has been granted the "public" roll.
>
> When "smithca" fires up Visual Studio Server Explorer, points at
> "test_db_server" and creates a "Window NT integrated security" account.
> WHAM! He's got "dbo" access to the database.
>
> From what I can see any developer can log into any database (test or
> production) with full DBA permissions.
>
> Afraid ... very afraid !!!
>
> Any help with this would be greatly appreciated !!!
>
> Thanks in advance
>
> Barry
> in Oregon
>
>
>
- Next message: Uri Dimant: "Re: How to control the security in this case?"
- Previous message: BBFrost: "Visual Studio gives direct dbo access to Sql Server 2000 ???"
- In reply to: BBFrost: "Visual Studio gives direct dbo access to Sql Server 2000 ???"
- Next in thread: Dan Artuso: "Re: Visual Studio gives direct dbo access to Sql Server 2000 ??? <<Update>>"
- Reply: Dan Artuso: "Re: Visual Studio gives direct dbo access to Sql Server 2000 ??? <<Update>>"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
