What commands can a user execute
- From: Cqlboy <Cqlboy@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Aug 2008 15:35:01 -0700
I have user access SQL Server 2005 via a Windows NT Group which is not mapped
to any server roles but is a db_owner in almost all databases. I just
learned from a security monitoring script which logs security events that a
member from this NT Group created and dropped a database. How ???
Inspecting sp_srvrolepermission
and sp_dbfixedrolepermission I find that only the dbcreation server role has
the permission to create/drop a database which, again, my NT Group is not
mapped to.
How do I determine an NT Groups permissions and more importantly, which
commands they can execute ? Thanks. -CqlBoy
fn_my_permissions(NULL, 'Database')
sp_srvrolepermission
sp_dbfixedrolepermission
select sl.*
from master.sys.syslogins sl
left join sys.database_role_members rm on
user_name(rm.member_principal_id) = sl.loginname
.
- Follow-Ups:
- RE: What commands can a user execute
- From: Linchi Shea
- Re: What commands can a user execute
- From: Erland Sommarskog
- RE: What commands can a user execute
- Prev by Date: Re: Locked Out of Local Instance
- Next by Date: Re: What commands can a user execute
- Previous by thread: Locked Out of Local Instance
- Next by thread: Re: What commands can a user execute
- Index(es):
Relevant Pages
|
