Re: SQL Local Account Permission - Read Only on System Tables and View

From: "Russell Fields" <russellfields@xxxxxxxxxx>
Date: Fri, 28 Dec 2007 14:49:22 -0500

ASP_Paul,

SQL Server 2005 tends to lock down information that SQL Server 2000 gave
away freely. So, most users can only see things that directly connect to
their rights. Other rights can be granted, if a logon needs more
information than the default. Look at some of the new types of GRANT
permissions.

Server Level:
VIEW SERVER STATE
VIEW ANY DEFINITION
VIEW ANY DATABASE

Database Level:
VIEW DATABASE STATE
VIEW DEFINITION

Only use these as appropriate to your security standards, of course.

RLF

"ASP_Paul" <ASP_Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CEB3585E-89C7-48E8-BEE7-1165A0DACC9B@xxxxxxxxxxxxxxxx

I have been given the task of creating a local SQL account (Application
account) on our 2005 SQL server for the use of a custom application that
will
look at the status of jobs/packages/etc... The application user id has
been
granted 'select access' to a list of tables provided by our development
staff. However I am running into problems with 2 system views. I granted
select on each view and have the following problem:

SQL:
select * from master..syslogins
Results:
Only 2 records, and both records are the 2 SQL accounts of SA and the
Application ID I created.

SQL
select * from dbo.sysschedules_localserver_view
Results:
No rows. I know there are 40 records when selected as an Admin account.

I was able to work around the problem by created a stored proc as such:

CREATE PROCEDURE dbo.aspSyslogins
WITH EXECUTE AS OWNER
AS
select * from master..syslogins
GO

GRANT EXECUTE ON dbo.aspSyslogins TO public
GO

However, I would rather figure out why I can not select directly against
the
view as this was this was the request given to me by our Dev staff.

Prev by Date: Re: Audit Trace Files
Next by Date: Re: NT Authority\networkservice failed to connect
Previous by thread: Cannot connect with the Administator account
Next by thread: Securing a Server Install
Index(es):
- Date
- Thread

Relevant Pages

Re: Error 15401 using sp_grantlogin (not addressed by current KB articles)
... Restarting Windows 2000 resolved the problem for this particular account, ... confused when it sees a duplicate SID. ... > One way to get SQL Server to agree with the renamed NT ... > Preview (to ensure the script was created), ...
(microsoft.public.sqlserver.security)
Re: SharePoint V3 Install Error
... But it our case it had to do with Group Policies that forbid the account of ... WSS FAQ:www.wssv3faq.com/wss.collutions.com ... Event Source: WindowsSharePointServices3Search ... whatever you are installing WSS as sufficient rights to the SQL Server ...
(microsoft.public.sharepoint.windowsservices)
RE: Problems with WebParts
... to a database called aspnetdb. ... > The connection string specifies a local SQL Server Express instance using a ... > server account must have read and write access to the applications directory. ... > This is necessary because the web server account will automatically create ...
(microsoft.public.dotnet.framework.aspnet)
Re: Cannot connect to Query Analyzer
... For Query Analyzer, I tried replacing the file as you suggested but had the ... same results (Enterprise Manager starts up fine, ... I created an account on my laptop and changed SQL ... Try replacing the MMC app for SQL Server from the original ...
(microsoft.public.sqlserver.connect)
Problems with WebParts
... The connection string specifies a local SQL Server Express instance using a ... database location within the applications App_Data directory. ... server account must have read and write access to the applications directory. ... logged-in user needs the dbcreator privilege in the appropriate SQL Server ...
(microsoft.public.dotnet.framework.aspnet)