Re: How do disable a user to "Generate SQL Scripts"

From: Matt Neerincx [MSFT] (mattn_at_online.microsoft.com)
Date: 09/30/05

• Previous message: Matt Neerincx [MSFT]: "Re: SSL Encryption Test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 29 Sep 2005 19:09:37 -0700

Since you give the user db_datareader membership, then they can read
anything in the database, including the structure of the tables.

You can deny permissions to system tables like sysobjects to prevent listing
tables for example, like so ->

    deny select on sysobjects to user1

This would prevent user1 from getting a list of tables for example.

Another common scheme is to only allow user's access to views and totally
restrict access to the actual underlying tables.

-- 
Matt Neerincx [MSFT]
This posting is provided "AS IS", with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup 
purposes only.
"Joao Rego" <Joao Rego@discussions.microsoft.com> wrote in message 
news:4B2E9F96-E012-4CF3-8033-A19A6E0DD797@microsoft.com...
>I have an SQLServer 2000 instance with a DataBase.
> I have 2 users: sa, new_user.
> The [new_user] has membership role: public, db_datareader, db_datawriter
> It has permissions to manipulate some table and stored procedures. He can
> not export, import, backup, restore the data base.
>
> The point is that he can generate a script for the all database!!!
> How do I disable it?
> Can some one give me some help on this issue.
>
> Thanks,
> JoaoRego 

• Previous message: Matt Neerincx [MSFT]: "Re: SSL Encryption Test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Can I deny select permission to members of Sysadmin role ... Sysadmin is the wrong role for this kind of situation. ... any member can just revoke them. ... Create a database role that has the ... > which i guess it does, but can the sa deny permissions to perform any DML ... (microsoft.public.sqlserver.security) Re: Problem on quering Access link table ... Is "Alias" a field in the Exchange table? ... > simply test the recordset for BOF/EOF? ... > Access Database Samples: www.rogersaccesslibrary.com ... I wrote ASP code to use Alias ... (microsoft.public.access.queries) Re: Select from open view using DBF() ... So you created an alias like this? ... At any rate as I mentioned I'm using a parameterized view in a database. ... will not see any un-saved changes as VFP appears to do a USE AGAIN and ... I have worked around it by using copy to array and other commands, ... (microsoft.public.fox.vfp.dbc) Re: SCR and Replay Queue length ... Are you also able to get the file attributes for the seeding directory using attrib? ... This posting is provided "AS IS" with no warranties, ... Please do not send email directly to this alias. ... > permon when trying to seed the database and didn't see anything out of> the ... (microsoft.public.exchange.admin) Re: Priv1.edb and stm size cannot reduce after eseutil /d ... it would mount with blank a database. ... Please do not send e-mail directly to this alias. ... it was four o'clock by the time I got the defrag copy on to ... > the drive, if I had mistype the name, would the services start again? ... (microsoft.public.exchange.admin)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint