How can i apply Deny Permission regarding sys.database and sys.tables etc to users ?

  • I need urgent help regarding permissions:

    Restrict the the user for viewing,updating,inserting,selection and creation of tables ,stored procedures,views ?

    Restrict user to access only specified database ?

    I have done above successfully except below :

    Restrict user to excute query like i.e. select * from sys.database or sys.tables and any other query that user can execute and know the database schema ?

    as users can get list of tables and known the column names which i can't allow.

    Windows authentication not allowed ?

    kindly help me out 🙁

  • The user will be able to run the queries, but they will get 0 results unless you specifically grant them access to the specified table.

    eg. SELECT * FROM sys.tables will return 0 results for any new user without any permissions other than CONNECT or the public database role (as long as that role has no other permissions granted to it).

  • By default all users are a member of the Fixed Server Role public, and this cannot be changed. Also by default, all members public can see all databases on the instance, i.e. they can see that they exist, but cannot access them. UNlike the way sys.tables works where if you do not have any permission to work with the table you cannot see it in the sys.tables view, even if a login has no permissions to work in a database they can still see the database in sys.databases.

    You can DENY the VIEW ANY DATABASE permission from the login if you want to prevent them from seeing any databases, but they will also not see databases they actually have access too, so be sure that is what you want.

    DENY VIEW ANY DATABASE TO [login_name_here];

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply