<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQL Server 2008
»
SQL Server Newbies
»
Do Users based on logins in master have...
33 posts, Page 1 of 4
1
2
3
4
»
»»
Do Users based on logins in master have access to other databases?
Rate Topic
Display Mode
Topic Options
Author
Message
clintonG
clintonG
Posted Thursday, March 14, 2013 7:58 PM
SSC Rookie
Group: General Forum Members
Last Login: Wednesday, March 20, 2013 9:02 PM
Points: 33,
Visits: 37
When I create a user and select master as the default database does that mean or imply that user can login to other databases on the same instance of SQLExpress 2012? If so how is a user created that can only login to a specific database?
I understand a User can be mapped to a specific database but in certain circumstances the User must be created manually --before the database-- because the database the User is logging into is being generated by a sql script generated by a tool; Visual Studio LightSwitch 2012 to be specific.
Lots of generation going on except in my brain. lol
Post #1431330
arunyadav007
arunyadav007
Posted Friday, March 15, 2013 12:45 AM
SSC Rookie
Group: General Forum Members
Last Login: Friday, May 03, 2013 3:06 AM
Points: 42,
Visits: 285
If you create a login and set 'master' as default database then, the user will only be created in the master database. The login/user will not have access to any of the user/system databases untill and unless you map the user to other databases. Upon trying to access any other database it should result into the belwo error:
TITLE: Microsoft SQL Server Management Studio
------------------------------
The database 'MyUserDB' is not accessible. (ObjectExplorer)
------------------------------
Post #1431373
OTF
OTF
Posted Friday, March 15, 2013 5:34 AM
SSC Veteran
Group: General Forum Members
Last Login: Today @ 3:17 AM
Points: 254,
Visits: 3,715
clintonG (3/14/2013)
I understand a User can be mapped to a specific database but in certain circumstances the User must be created manually --before the database-- because the database the User is logging into is being generated by a sql script generated by a tool; Visual Studio LightSwitch 2012 to be specific.
Unless I'm reading this incorrectly, how would LightSwitch create a user before the database actually exists unless, maybe, you are referring to Logins?
Post #1431473
Divine Flame
Divine Flame
Posted Friday, March 15, 2013 6:55 AM
Ten Centuries
Group: General Forum Members
Last Login: Friday, May 17, 2013 2:00 PM
Points: 1,076,
Visits: 1,914
clintonG (3/14/2013)
When I create a user and select master as the default database does that mean or imply that user can login to other databases on the same instance of SQLExpress 2012? If so how is a user created that can only login to a specific database?
I understand a User can be mapped to a specific database but in certain circumstances the User must be created manually --before the database-- because the database the User is logging into is being generated by a sql script generated by a tool; Visual Studio LightSwitch 2012 to be specific.
Lots of generation going on except in my brain. lol
Only a login can have the "default_database" setting, a user cannot. Default database setting let you choose a database which this login will be connected to whenever he logins into SQL Server (If the user has not specified any database name explicitly).
Logins & Users are completely different from each other. Logins are create at server scope whereas users are created in database scope.
So, You can create users only after the database is created.
Another important thing to note here is, though SQL Server allows you to set [master] database as the default_database for new logins that you are creating, it doesn't mean they will be granted access to master database as a user. [master] database will just work as a landing database for them, nothing else.
For more information on this you can check below link:
Logins & Users in SQL Server
- Divine Flame
Post #1431512
clintonG
clintonG
Posted Friday, March 15, 2013 2:46 PM
SSC Rookie
Group: General Forum Members
Last Login: Wednesday, March 20, 2013 9:02 PM
Points: 33,
Visits: 37
I've been reading BOL but the nuance you provided is not there so thanks for some added clarification.
Post #1431762
kevaburg
kevaburg
Posted Sunday, March 17, 2013 7:05 AM
SSC-Enthusiastic
Group: General Forum Members
Last Login: Today @ 12:27 AM
Points: 145,
Visits: 176
Logins created within the instance have by default no automatic access to any database within that instance. Each created user needs to be explicitly mapped to a database and assigned roles as appropriate.
The master database contains the structures of the databases on the instance and access to it does not imply access to other databases. It is really worth reading the security articles pertaining to fixed server roles and database level permissions to ensure to don't end up opening a security hole where you don't want one.
Post #1431978
clintonG
clintonG
Posted Sunday, March 17, 2013 8:45 AM
SSC Rookie
Group: General Forum Members
Last Login: Wednesday, March 20, 2013 9:02 PM
Points: 33,
Visits: 37
kevaburg (3/17/2013)
Logins created within the instance have by default no automatic access to any database within that instance. Each created user needs to be explicitly mapped to a database and assigned roles as appropriate.
The master database contains the structures of the databases on the instance and access to it does not imply access to other databases. It is really worth reading the security articles pertaining to fixed server roles and database level permissions to ensure to don't end up opening a security hole where you don't want one.
Thanks for comments.
I've been reading more about security and fixed server roles.
This article explains how my endeavor may be futile anyway...
http://www.netspi.com/blog/2012/08/16/sql-server-2008-local-administrator-privilege-escalation/
However all I really need to do is disallow Users from deleting data while using a LightSwitch app and I will continue to read and learn how to do so
Post #1431988
Lynn Pettis
Lynn Pettis
Posted Sunday, March 17, 2013 12:12 PM
SSC-Insane
Group: General Forum Members
Last Login: Today @ 12:02 AM
Points: 21,596,
Visits: 27,415
clintonG (3/17/2013)
kevaburg (3/17/2013)
Logins created within the instance have by default no automatic access to any database within that instance. Each created user needs to be explicitly mapped to a database and assigned roles as appropriate.
The master database contains the structures of the databases on the instance and access to it does not imply access to other databases. It is really worth reading the security articles pertaining to fixed server roles and database level permissions to ensure to don't end up opening a security hole where you don't want one.
Thanks for comments.
I've been reading more about security and fixed server roles.
This article explains how my endeavor may be futile anyway...
http://www.netspi.com/blog/2012/08/16/sql-server-2008-local-administrator-privilege-escalation/
However all I really need to do is disallow Users from deleting data while using a LightSwitch app and I will continue to read and learn how to do so
Let's make it easier for others to read:
http://www.netspi.com/blog/2012/08/16/sql-server-2008-local-administrator-privilege-escalation/
Lynn Pettis
For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here
or
when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here
and
here
Managing Transaction Logs
SQL Musings from the Desert
Fountain Valley SQL
(My Mirror Blog)
Post #1432005
GilaMonster
GilaMonster
Posted Sunday, March 17, 2013 12:25 PM
SSC-Dedicated
Group: General Forum Members
Last Login: Today @ 4:16 AM
Points: 37,675,
Visits: 29,930
clintonG (3/17/2013)
However all I really need to do is disallow Users from deleting data while using a LightSwitch app and I will continue to read and learn how to do so
Let me simplify...
If the database is on the user's machine and the user has local administrator permissions, there is nothing you can do to keep that user out of the database if they want access. You can slow them down, that's all.
If you want to restrict access, the database needs to be on a server. The bear minimum of people must be admin of that server (typically sysadmins and maybe DBAs), the users then have logins to SQL and only the rights you want to give them.
TL;DR If you give the database to someone (put it on their machine), they can do what they like.
Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild
: Discussions on DB performance with occasional diversions into recoverability
We walk in the dark places no others will enter
We stand on the bridge and no one may pass
Post #1432007
clintonG
clintonG
Posted Sunday, March 17, 2013 2:39 PM
SSC Rookie
Group: General Forum Members
Last Login: Wednesday, March 20, 2013 9:02 PM
Points: 33,
Visits: 37
[quote
...
...
TL;DR If you give the database to someone (put it on their machine), they can do what they like.[/quote]
This and similar projects use P2P LANs. The SQLExpress database will be intsalled on a share of a Windows7 machine and the LightSwitch client installed on other Windows7 machines will use a connection string to use the database.
That's the architecture I have to work with. So where things are at for me right now I am looking at creating a Role that does not allow delete and I will add users to that role. If that's the best I can do that will have to do.
Post #1432026
« Prev Topic
|
Next Topic »
33 posts, Page 1 of 4
1
2
3
4
»
»»
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
