RE: What commands can a user execute
- From: Cqlboy <Cqlboy@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 11 Aug 2008 10:44:04 -0700
Thanks. According to our IT group, he's a member of a couple groups which
I'm pretty sure doesn't have higher privledges. I'll double check on that.
Thanks.
-CqlBoy
"Linchi Shea" wrote:
.learned from a security monitoring script which logs security events that a
member from this NT Group created and dropped a database. How ???
Maybe, he is a member of some other domain group that has the permission to
create database. Note that the owner of a database can always drop that
database.
Linchi
"Cqlboy" wrote:
I have user access SQL Server 2005 via a Windows NT Group which is not mapped
to any server roles but is a db_owner in almost all databases. I just
learned from a security monitoring script which logs security events that a
member from this NT Group created and dropped a database. How ???
Inspecting sp_srvrolepermission
and sp_dbfixedrolepermission I find that only the dbcreation server role has
the permission to create/drop a database which, again, my NT Group is not
mapped to.
How do I determine an NT Groups permissions and more importantly, which
commands they can execute ? Thanks. -CqlBoy
fn_my_permissions(NULL, 'Database')
sp_srvrolepermission
sp_dbfixedrolepermission
select sl.*
from master.sys.syslogins sl
left join sys.database_role_members rm on
user_name(rm.member_principal_id) = sl.loginname
- References:
- What commands can a user execute
- From: Cqlboy
- RE: What commands can a user execute
- From: Linchi Shea
- What commands can a user execute
- Prev by Date: Re: Permission to restore databases and access them without being
- Next by Date: Re: What commands can a user execute
- Previous by thread: RE: What commands can a user execute
- Next by thread: Jobs, Interview Questions, Certification, Knowledge
- Index(es):
Relevant Pages
|
