Re: How to hide unauthorized databases with SQL 2005?

After VIEW ANY DATABASE is denied, only master, tempdb, and databases that
the login owns are visible. Other databases that the user can access are
not enumerated but can still be accessed directly by setting the database
context (e.g. USE). Unfortunately, SSMS Object Explorer functionality is
limited to visible databases.

The reason for this behavior is that it is necessary to open each database
on the server to determine whether or not a non-privileged login has
database access. This caused performance issues on servers with a lot
(100's) of databases.

If this feature is important to you, make a suggestion (or vote on the
importance if already submitted) at the product feedback center:
http://lab.msdn.microsoft.com/productfeedback/default.aspx

--
Hope this helps.

Dan Guzman
SQL Server MVP

"SL Coder" <sl_coder@xxxxxxxxxxx> wrote in message
news:eV8jH9BaGHA.4116@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for the reply Dan. But the problem is, this statement applies for all
databases that is not what I want. I need to allow userA to see one database
while denying other databases. Is it possible. Have I missed anything?

Shane

"Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%2300soIBaGHA.3304@xxxxxxxxxxxxxxxxxxxxxxx
VIEW ANY DATABASE is granted to public by default. If you want to remove
this permission from userA:

USE master
DENY VIEW ANY DATABASE TO userA

Although the user still has VIEW ANY DATABASE via public role membership,
the DENY takes precedence.

You could also REVOKE VIEW ANY DATABASE from public and then selectively
grant that permission to users as you see fit.

--
Hope this helps.

Dan Guzman
SQL Server MVP

"SL Coder" <sl_coder@xxxxxxxxxxx> wrote in message
news:e50gEfAaGHA.3704@xxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> I have configure permission for userA and he can access only one
database.
> When user estabilish the connection via management studio, though he
> cannot access other databases, he can see them. Is it possible to hide
> other databases for userA?
>
> Appreciate all your reply.
>
> Shane
>



.

Relevant Pages

  • Re: restoring dB and login to new server
    ... Tibor Karaszi, SQL Server MVP ... that looks like it would simplify things a bit...but I still need to create the login manually? ... databases between servers by doing a full backup, then restoring on the new ... database, I get an error that the "user or role already exists". ...
    (microsoft.public.sqlserver.tools)
  • Re: Default database in Query Analyzer
    ... If they don't have a Login then how do they connect to SQL Server? ... SQL Server MVP ... >> Is .NET important for a database professional? ...
    (microsoft.public.sqlserver.programming)
  • Re: Granting access for a database to an already created login?
    ... BG, SQL Server MVP ... > I'm trying to grant access for a particular database to an already ... > created login. ...
    (microsoft.public.sqlserver.programming)
  • Re: New DBs DBO does not have an associated login name
    ... so the database does have an owner. ... Add the NT login as a valid login in its own right, ... >> SQL Server MVP ...
    (microsoft.public.sqlserver.setup)
  • Re: How to hide unauthorized databases with SQL 2005?
    ... VIEW ANY DATABASE is granted to public by default. ... DENY VIEW ANY DATABASE TO userA ... grant that permission to users as you see fit. ...
    (microsoft.public.sqlserver.security)