Re: Remove permissions in default Public Role?



Thanks for the info Sue. I appreciate it. I'll look into it.

Take care,

J

"Sue Hoegemeier" <Sue_H@xxxxxxxxxxxxx> wrote in message
news:eo7632d2kislgid1t1122vf7aa23eco85o@xxxxxxxxxx
Most of what they have access to is needed for
functionality. When you think about it, there is a certain
amount of meta data and system functions that all users
would need access to in order to actually do anything at all
in a database or when connecting to a database server.
You'd want to make sure you are not granting permissions to
the public role. And then follow all of the security papers
and guidelines. You can find security links here:
http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec00.mspx

-Sue

On Mon, 3 Apr 2006 23:13:16 -0700, "Noone"
<IDontLikeSpam@xxxxxxxxxxx> wrote:

Thanks for your response Sue. I appreciate it.

I'm just a little concerned if regular users have access to the system
objects (tables, stored procedures) would this make our database more
vulnerable?

I also recently noticed if a regular user sets up a Data Source in the
Control Panel they can also see the system databases (master, msdb, temp)
in the "Change the default database to:" drop down box which I believe is
happening because of the Public Role in the Master db. Should this be of
concern also in our ultimate goal of unauthorized users accessing our
application defined databases which hold the sensitive data?

Thanks again Sue.

J

"Sue Hoegemeier" <Sue_H@xxxxxxxxxxxxx> wrote in message
news:noo332tmolbd4bggph55vgbsppj7p74mrt@xxxxxxxxxx
The permissions granted to user defined objects can be
changed but you can break things if you remove all of the
permissions granted to the system objects.

-Sue

On Mon, 3 Apr 2006 13:11:46 -0700, "J"
<IDontLikeSpam@xxxxxxxxxxx> wrote:

Hello. Sorry if this is an obvious novice question but is it ok and good
security practice to remove all permissions in the default Public Role in
SQL Server 2000? I create my own defined roles for each database and am
assuming it's good to remove every single permission in the Public Role
without anything breaking. Most of our databases we just need the regular
users to access the application tables and not any system tables or stored
procedures and was wondering if it's ok to remove all of the Public Role's
permissions? Thanks in advance.

J
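
An added example, not part of the original thread: one way to check the point made in the replies above, that permissions on user-defined objects should not be granted to the public role while the grants on system objects are left in place. It assumes the SQL Server 2000 system tables sysprotects and sysobjects and is run inside each application database; the generated REVOKE statements are for review, not automatic execution.

```sql
-- Added example: audit explicit grants to the public role on user-defined
-- objects only. Objects shipped by Microsoft are excluded, so the system
-- object permissions that users need for basic functionality are untouched.
SELECT
    USER_NAME(o.uid)  AS owner_name,
    o.name            AS object_name,
    o.xtype           AS object_type,   -- U = table, V = view, P = procedure
    CASE p.action
        WHEN 26  THEN 'REFERENCES'
        WHEN 193 THEN 'SELECT'
        WHEN 195 THEN 'INSERT'
        WHEN 196 THEN 'DELETE'
        WHEN 197 THEN 'UPDATE'
        WHEN 224 THEN 'EXECUTE'
    END               AS permission,
    CASE p.protecttype
        WHEN 204 THEN 'GRANT WITH GRANT OPTION'
        WHEN 205 THEN 'GRANT'
    END               AS grant_type,
    -- Statement to review before running; it removes the grant from public.
    'REVOKE '
        + CASE p.action
              WHEN 26  THEN 'REFERENCES'
              WHEN 193 THEN 'SELECT'
              WHEN 195 THEN 'INSERT'
              WHEN 196 THEN 'DELETE'
              WHEN 197 THEN 'UPDATE'
              WHEN 224 THEN 'EXECUTE'
          END
        + ' ON ' + QUOTENAME(USER_NAME(o.uid)) + '.' + QUOTENAME(o.name)
        + ' FROM public'  AS revoke_statement
FROM sysprotects AS p
JOIN sysobjects  AS o ON o.id = p.id
WHERE p.uid = USER_ID('public')                 -- the public role
  AND p.protecttype IN (204, 205)               -- grants only
  AND p.action IN (26, 193, 195, 196, 197, 224) -- object permissions
  AND OBJECTPROPERTY(o.id, 'IsMSShipped') = 0   -- skip system objects
ORDER BY owner_name, object_name, permission;
```

An empty result means public holds no explicit grants on user-defined objects in that database. Before revoking anything listed, confirm the same access is available through one of the user-defined roles.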





