Re: What commands can a user execute
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Fri, 08 Aug 2008 14:53:38 -0700
Cqlboy (Cqlboy@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
I have user access SQL Server 2005 via a Windows NT Group which is not
mapped to any server roles but is a db_owner in almost all databases. I
just learned from a security monitoring script which logs security
events that a member from this NT Group created and dropped a database.
How ??? Inspecting sp_srvrolepermission and sp_dbfixedrolepermission I
find that only the dbcreation server role has the permission to
create/drop a database which, again, my NT Group is not mapped to. How
do I determine an NT Groups permissions and more importantly, which
commands they can execute ? Thanks. -CqlBoy
Do
EXECUTE AS LOGIN = 'GROUP\USER'
go
SELECT * FROM fn_my_permissions(NULL, 'server')
go
REVERT
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- Follow-Ups:
- Re: What commands can a user execute
- From: Cqlboy
- Re: What commands can a user execute
- References:
- What commands can a user execute
- From: Cqlboy
- What commands can a user execute
- Prev by Date: What commands can a user execute
- Next by Date: Re: What commands can a user execute
- Previous by thread: What commands can a user execute
- Next by thread: Re: What commands can a user execute
- Index(es):
Relevant Pages
|
