Re: db_denydatawriter
- From: Ant <Ant@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 18 Oct 2007 17:56:00 -0700
Hi Ekrem,
Thanks for your ideas.
I ran sp_hepuser on the data base & it returned two rows: The Group name
for each row was :
db_datareader
db_denydatawriter.
I tried sp_helpsrvrolemember as you alos suggested but her user name was not
included in the result set.
I'm wondering. We have an application which uses its own login to interact
with this database. If a user has read write access for this application,
perhaps this also gives read write access on the database to this user?
Sounds dangerous but this might be what is happening perhaps?
Thanks again for your ideas on this
Ant
"Ekrem Önsoy" wrote:
There is no difference modifying data using GUI or TSQL in terms of your.
question. So, denying is denying.
Resrictive permissions overrides in its own level. So, when you assign
db_denydatawriter to her she would not be able to modify data even if she
would have db_owner right.
However, if she has sysadmin right, then she'll be able to modify that data.
You may want to run the following lines in your Query Analyzer to see your
logins and users mor detailed.
USE <database_name>
EXEC sp_helpuser <user's_name> -- this helps you what permissions she has on
that database
EXEC sp_helpsrvrolemember 'sysadmin' -- you don't need to change anything
with this command. It'll list logins who has sysadmin role.
--
Ekrem Önsoy
"Ant" <Ant@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:70FDAC21-1CDB-40CC-AEB5-E187178FE35E@xxxxxxxxxxxxxxxx
Hi Uri,
Thanks for your reply. I don't believe this is the case. There is no way
we
would have done the registration of EM with her, as she wasn't even
employed
at the time of the registration ( if I understand your meaning).
I'm wondering two things:
Does DenyWriter only deny using the actual UPDATE, DELETE, INSERT
statements
in queries, but not deny the user to graphically change data in EM?
or
Is it possible she has some admin rights which override DenyWriter (though
I
doubt this).
I checked her User & she has been assigned no server roles. Her DB Role
permissions include Public, DataReader & DenyDataWriter.
Does this help at all?
Many thanks though for your interest in this
Regards
Ant
"Uri Dimant" wrote:
Ant
Probably it is because you did the registration of EM with the user who
has
more powerfull permissions
"Ant" <Ant@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C049AA62-F777-4111-A93F-E60F54BB8332@xxxxxxxxxxxxxxxx
Hi,
I have given a colleage db_datareader rights & db_denydatawriter rights
but
when she uses enterprise manager she can still edit fields graphically
simply
by clicking onthe field, changing it & moving the focus away.
Is this normal & if so, how can this be safegaurded against?
Many thanks for any ideas on this
Ant
- Follow-Ups:
- Re: db_denydatawriter
- From: Erland Sommarskog
- Re: db_denydatawriter
- References:
- Re: db_denydatawriter
- From: Uri Dimant
- Re: db_denydatawriter
- From: Ekrem Önsoy
- Re: db_denydatawriter
- Prev by Date: Re: db_denydatawriter
- Next by Date: Re: what is the best way to store passwords and credit card information in SQL Server 2005?
- Previous by thread: Re: db_denydatawriter
- Next by thread: Re: db_denydatawriter
- Index(es):
Relevant Pages
|
|
