Re: db_owner
- From: "Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 6 Dec 2007 22:00:36 -0600
Is there a way to disable all of the 'guest' accounts in all of the system and user databases since I noticed this Microsoft article recommends not to remove the 'guest' account http://support.microsoft.com/default.aspx/kb/315523
There is only one guest user ("guest") in the system databases, which is required for proper operation. The guest user inherits only minimal permissions from the public role so permissions are quite limited in master and tempdb.
You might consider revoking public execute permissions on the msdb database sp_add_job and sp_add_dtspackage if you want to prevent non-sysadmins from creating jobs or saving DTS packages in msdb.
--
Hope this helps.
Dan Guzman
SQL Server MVP
"zz12" <IDontLikeSpam@xxxxxxxxxxx> wrote in message news:Ozqp05DOIHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
Is there a way to disable all of the 'guest' accounts in all of the system and user databases since I noticed this Microsoft article recommends not to remove the 'guest' account http://support.microsoft.com/default.aspx/kb/315523
Thanks Dan.
"Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:740E18FB-57E3-4F74-84B4-8327509943F9@xxxxxxxxxxxxxxxxAll logins can access databases with the guest user enabled. This includes sample and system databases but permissions in the system databases are minimal.
--
Hope this helps.
Dan Guzman
SQL Server MVP
"zz12" <IDontLikeSpam@xxxxxxxxxxx> wrote in message news:O0%23a8Y5NIHA.3852@xxxxxxxxxxxxxxxxxxxxxxxI just created a Windows domain user something like 'DomainAUser\JoeTest' and assigned him to the db_owner role to one of our user created databases. When I set up an odbc or .udl using this Windows domain user credentials how come this user is able to see our system databases and a couple other in the default database drop down box which kind of is concerning.
Thanks.
"Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:26708F07-A4D5-41EB-BDE9-169A201295A4@xxxxxxxxxxxxxxxxYes, db_owner will pretty much give the consultant full control but only within that database.
--
Hope this helps.
Dan Guzman
SQL Server MVP
"zz12" <IDontLikeSpam@xxxxxxxxxxx> wrote in message news:e5sNUtgNIHA.5860@xxxxxxxxxxxxxxxxxxxxxxxHello. What would be the best role assignment for a temporary consultant to access one of our user created databases on our sql2k server to allow this person to develop freely but only within this database and not any of our other databases including the obvious system databases? Would it be ok to give this consultant a windows domain login and assign it as a db_owner or would assigning a combination of the other system roles within this db be better?
Thanks in advance.
.
- Follow-Ups:
- Re: db_owner
- From: zz12
- Re: db_owner
- References:
- db_owner
- From: zz12
- Re: db_owner
- From: zz12
- Re: db_owner
- From: Dan Guzman
- Re: db_owner
- From: zz12
- db_owner
- Prev by Date: Re: db_owner
- Next by Date: Re: current security context is not trusted (cross db ownership chaini
- Previous by thread: Re: db_owner
- Next by thread: Re: db_owner
- Index(es):
Relevant Pages
|
|
