Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 


 
     
Recent Posts
   
Popular Topics
Home   
Search
    Members    Calendar    Who's On

Home » SQL Server 2008 » Security (SS2K8) » How can i apply Deny Permission regarding...
Add to briefcase

How can i apply Deny Permission regarding sys.database and sys.tables etc to users ? Expand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
maida_rh
Posted Tuesday, January 01, 2013 10:45 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Yesterday @ 11:58 PM
Points: 42, Visits: 97
I need urgent help regarding permissions:

Restrict the the user for viewing,updating,inserting,selection and creation of tables ,stored procedures,views ?
Restrict user to access only specified database ?

I have done above successfully except below :

Restrict user to excute query like i.e. select * from sys.database or sys.tables and any other query that user can execute and know the database schema ?
as users can get list of tables and known the column names which i can't allow.

Windows authentication not allowed ?


kindly help me out




Post #1401655
foxxo
Posted Tuesday, January 01, 2013 11:43 PM
Say Hey Kid

Say Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey KidSay Hey Kid

Group: General Forum Members
Last Login: Today @ 4:49 AM
Points: 700, Visits: 1,038
The user will be able to run the queries, but they will get 0 results unless you specifically grant them access to the specified table.
eg. 
SELECT * FROM sys.tables

will return 0 results for any new user without any permissions other than CONNECT or the public database role (as long as that role has no other permissions granted to it).
Post #1401668
opc.three
Posted Wednesday, January 02, 2013 7:39 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 2:56 PM
Points: 6,718, Visits: 11,753
By default all users are a member of the Fixed Server Role public, and this cannot be changed. Also by default, all members public can see all databases on the instance, i.e. they can see that they exist, but cannot access them. UNlike the way sys.tables works where if you do not have any permission to work with the table you cannot see it in the sys.tables view, even if a login has no permissions to work in a database they can still see the database in sys.databases.

You can DENY the VIEW ANY DATABASE permission from the login if you want to prevent them from seeing any databases, but they will also not see databases they actually have access too, so be sure that is what you want.

DENY VIEW ANY DATABASE TO [login_name_here];

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato

Believe you can and you're halfway there. --Theodore Roosevelt

Everything Should Be Made as Simple as Possible, But Not Simpler --Albert Einstein

The significant problems we face cannot be solved at the same level of thinking we were at when we created them. --Albert Einstein

1 apple is not exactly 1/8 of 8 apples. Because there are no absolutely identical apples. --Giordy
Post #1401843
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse

 
 
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.