Click here to monitor SSC
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in
Home       Members    Calendar    Who's On

Add to briefcase

How can i apply Deny Permission regarding sys.database and sys.tables etc to users ? Expand / Collapse
Posted Tuesday, January 1, 2013 10:45 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Thursday, March 13, 2014 7:39 AM
Points: 46, Visits: 111
I need urgent help regarding permissions:

Restrict the the user for viewing,updating,inserting,selection and creation of tables ,stored procedures,views ?
Restrict user to access only specified database ?

I have done above successfully except below :

Restrict user to excute query like i.e. select * from sys.database or sys.tables and any other query that user can execute and know the database schema ?
as users can get list of tables and known the column names which i can't allow.

Windows authentication not allowed ?

kindly help me out

Post #1401655
Posted Tuesday, January 1, 2013 11:43 PM



Group: General Forum Members
Last Login: Monday, December 5, 2016 9:41 PM
Points: 1,961, Visits: 2,216
The user will be able to run the queries, but they will get 0 results unless you specifically grant them access to the specified table.
SELECT * FROM sys.tables

will return 0 results for any new user without any permissions other than CONNECT or the public database role (as long as that role has no other permissions granted to it).
Post #1401668
Posted Wednesday, January 2, 2013 7:39 AM



Group: General Forum Members
Last Login: Today @ 2:36 AM
Points: 7,933, Visits: 14,357
By default all users are a member of the Fixed Server Role public, and this cannot be changed. Also by default, all members public can see all databases on the instance, i.e. they can see that they exist, but cannot access them. UNlike the way sys.tables works where if you do not have any permission to work with the table you cannot see it in the sys.tables view, even if a login has no permissions to work in a database they can still see the database in sys.databases.

You can DENY the VIEW ANY DATABASE permission from the login if you want to prevent them from seeing any databases, but they will also not see databases they actually have access too, so be sure that is what you want.

DENY VIEW ANY DATABASE TO [login_name_here];

There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1401843
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse