Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Trying to Add User with Access to One Stored Procedure Expand / Collapse
Author
Message
Posted Friday, April 5, 2013 1:31 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Tuesday, August 19, 2014 3:12 PM
Points: 227, Visits: 459
I am trying to add a user in SQL 2000. I only want them to be able to execute one stored procedure in one database. My problem is that the new user can also see the system databases and the SQL logins. Not only that, but they are able to make modifications to the aforementioned areas. What am I missing to clamp it down to where I want it? I am using GUI, but I will be happy to use a T-SQL solution.

Thanks.

Steve
Post #1439450
Posted Friday, April 5, 2013 1:45 PM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Yesterday @ 1:24 PM
Points: 12,906, Visits: 31,984
it sounds like the user in question has a LOGIN which was granted sysadmin privileges.

i don't have QA available for SQL2000 anymore, but you can go to the properties of the login and uncheck a checkbox to remove that over-reaching privilege.
once that is done, the regular permissions you've added will apply as expected.


Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1439454
Posted Friday, April 5, 2013 2:27 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Tuesday, August 19, 2014 3:12 PM
Points: 227, Visits: 459
I have all of the server roles unchecked. All tables have public checked and it won't let me uncheck them. I can't seem to find a property that is enabled giving this user sysadmin type access. Is there something I am missing? I will be glad to provide pictures if needed.

Thanks.

Post #1439476
Posted Friday, April 5, 2013 2:34 PM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Yesterday @ 1:24 PM
Points: 12,906, Visits: 31,984
it might not be obvious;
for example, if it's a windows account, ie mydomain\lowell has too much access, it's probably because i'm in a windows group
that has direct or implied access

SQL 2000 still uses the Builtin\Administrators group, so it might be the user is a local admin on the box, which auto-magically grants sysadmin..


it might be a domain group.
you can check that with an extended stored procedure:
modify either of these commands to check a specific user, or a group:
EXEC master..xp_logininfo @acctname = 'mydomain\lowell',@option = 'all' -- Show all paths a user gets his auth from

EXEC master..xp_logininfo @acctname = 'mydomain\authenticatedusers',@option = 'members' -- show group members




Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1439485
Posted Friday, April 5, 2013 2:42 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Tuesday, August 19, 2014 3:12 PM
Points: 227, Visits: 459
My apologies for not mentioning that this is an SQL authentication account, not a Windows account.
Post #1439490
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse