Re: permissions not working

Jenn,

I imagine that there is some unexpected rights that your user has that you
have not found. By now, you have probably already done:

use yourdatabase
exec sp_helplogins 'loginname' -- login overall rights
exec sp_helpuser 'username' -- user role membership
exec sp_helprotect @username='username' -- directly assigned rights

Be sure to repeat the sp_helprotect for each role that has the user as a
member.

Slightly more mysterious:

I understand that this is a Windows login you are testing. Do you tend to
grant rights to Windows Groups (as I do) rather than Windows Logins? If so,
then another thing to check is "What Windows Groups with access to my server
have this login as a member?" Then, "What rights are granted to those
groups?" This is a little more subtle if you don't have access to domain
tools, but you can do the following from SQL Server running as the
'loginname' that you are having trouble with.

select name from master.dbo.syslogins where is_member(name) = 1

This will return all logins with the current login as a member. If this
exposes a security context that you did not know about, then you can pursue
what rights that group has.

FWIW,
RLF

"JEM" <Jenn@xxxxxxxxxxxxxxxxx> wrote in message
news:8a231594-97c5-4be5-8461-bee6b03df823@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi. I have a SQL Server 2000 database,using Windows Authentication,
and have created some new roles and assigned permissions to the
various tables, views and sprocs. However, the permissions are not
working. When I log on as a user in one of the roles, i still have
access to insert, update, delete records in tables that i have
specifically denied permissions on (they should only have select
permissions which they have). I am able to log onto Query Analyzer
and do everything with the table that i should not be able to do. The
user is only a member of public and this role. The objects are all
owned by dbo. Any ideas?

Thanks,
jenn


.

Relevant Pages

  • Re: Normal user login now logs off immediately [w/o administrator
    ... The login begins in a normal fashion: ... >> problem I happened to give my normal user account administrator rights, ... > Right click on MountedDevices and select "Permissions". ... Thanks for the reply WTC. ...
    (microsoft.public.windowsxp.general)
  • Re: Windows Server 2003 Auto connect printers;
    ... I removed the NT Authentication but then the user's don't have enough ... then for a normal basic user to login to a TS without having NT ... Isn't some form of admin rights required for a non admin user ... >> You do this by granting only those permissions that are ...
    (microsoft.public.win2000.termserv.apps)
  • Re: Removing Users from Database
    ... If the user is a member of any ... >group-level permissions in the database, ... >double-check the server login and verify that the login ...
    (microsoft.public.sqlserver.security)
  • Re: IIS Access Problems
    ... Make sure all the permissions and user right are correct as per folllowing ... This posting is provided "AS IS" with no warranties, and confers no rights. ... > tries to login to the site they get the error below. ... > The authenication is set to Windows Authenication with no anonymous ...
    (microsoft.public.inetserver.iis)
  • Re: Security .mdw - how to add myself to list of users
    ... In that case, you'd need to have a valid username/password to login, and that login would need the appropriate ... permissions to change the user list. ... You don't need to open the MDW file in MS Access. ... This *may* allow you to assign the necessary rights to your user. ...
    (microsoft.public.access.security)