Re: Mystery SQL database access
- From: "Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Mar 2009 07:32:46 -0500
The login does not have any user database access. The login is not part of
any server roles. In spite of this, the login is connecting to a database
and executing stored procedures from a remote server.
Perhaps the user is a member of the sysadmin server role. This will give full permissions in all databases on the server.
--
Hope this helps.
Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/
"SusanMSDN" <SusanMSDN@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:EDE34038-E6C6-42F3-9967-96184216571F@xxxxxxxxxxxxxxxx
I am in the process of analyzing an existing SQL Server 2000 implementation.
I am currently looking at the security and have found something I can't
explain.
I see a standard SQL Server login.
The login does not have any user database access. The login is not part of
any server roles. In spite of this, the login is connecting to a database
and executing stored procedures from a remote server.
I do see an entry in the public group in the database which is
'\loginid'...don't understand what this is.
The guest account does not exist in the database.
No permission to execute sps has been granted to public so even if the
standard id is somehow tied to the entry in public it should not have perms
to execute anything.
The Windows server does not have an local ids similarily named.
I have run out of ideas here.....any thoughts?
Thanks in advance.
Susan
.
- References:
- Mystery SQL database access
- From: SusanMSDN
- Mystery SQL database access
- Prev by Date: RE: Mystery SQL database access
- Next by Date: RE: No manageable attributes on files of backed up keys and certif
- Previous by thread: RE: Mystery SQL database access
- Next by thread: Re: Mystery SQL database access
- Index(es):
Relevant Pages
|
