RE: What commands can a user execute
- From: Linchi Shea <LinchiShea@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 8 Aug 2008 17:18:00 -0700
learned from a security monitoring script which logs security events that a
member from this NT Group created and dropped a database. How ???
Maybe, he is a member of some other domain group that has the permission to
create database. Note that the owner of a database can always drop that
database.
Linchi
"Cqlboy" wrote:
I have user access SQL Server 2005 via a Windows NT Group which is not mapped.
to any server roles but is a db_owner in almost all databases. I just
learned from a security monitoring script which logs security events that a
member from this NT Group created and dropped a database. How ???
Inspecting sp_srvrolepermission
and sp_dbfixedrolepermission I find that only the dbcreation server role has
the permission to create/drop a database which, again, my NT Group is not
mapped to.
How do I determine an NT Groups permissions and more importantly, which
commands they can execute ? Thanks. -CqlBoy
fn_my_permissions(NULL, 'Database')
sp_srvrolepermission
sp_dbfixedrolepermission
select sl.*
from master.sys.syslogins sl
left join sys.database_role_members rm on
user_name(rm.member_principal_id) = sl.loginname
- Follow-Ups:
- RE: What commands can a user execute
- From: Cqlboy
- RE: What commands can a user execute
- References:
- What commands can a user execute
- From: Cqlboy
- What commands can a user execute
- Prev by Date: Re: What commands can a user execute
- Next by Date: Re: What commands can a user execute
- Previous by thread: Re: What commands can a user execute
- Next by thread: RE: What commands can a user execute
- Index(es):
Relevant Pages
|
