Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Trying to Add User with Access to One Stored Procedure Expand / Collapse
Author
Message
Posted Friday, April 5, 2013 1:31 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Monday, December 14, 2015 12:43 PM
Points: 278, Visits: 526
I am trying to add a user in SQL 2000. I only want them to be able to execute one stored procedure in one database. My problem is that the new user can also see the system databases and the SQL logins. Not only that, but they are able to make modifications to the aforementioned areas. What am I missing to clamp it down to where I want it? I am using GUI, but I will be happy to use a T-SQL solution.

Thanks.

Steve
Post #1439450
Posted Friday, April 5, 2013 1:45 PM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 12:02 PM
Points: 13,971, Visits: 36,270
it sounds like the user in question has a LOGIN which was granted sysadmin privileges.

i don't have QA available for SQL2000 anymore, but you can go to the properties of the login and uncheck a checkbox to remove that over-reaching privilege.
once that is done, the regular permissions you've added will apply as expected.


Lowell

--
help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!
Post #1439454
Posted Friday, April 5, 2013 2:27 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Monday, December 14, 2015 12:43 PM
Points: 278, Visits: 526
I have all of the server roles unchecked. All tables have public checked and it won't let me uncheck them. I can't seem to find a property that is enabled giving this user sysadmin type access. Is there something I am missing? I will be glad to provide pictures if needed.

Thanks.

Post #1439476
Posted Friday, April 5, 2013 2:34 PM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 12:02 PM
Points: 13,971, Visits: 36,270
it might not be obvious;
for example, if it's a windows account, ie mydomain\lowell has too much access, it's probably because i'm in a windows group
that has direct or implied access

SQL 2000 still uses the Builtin\Administrators group, so it might be the user is a local admin on the box, which auto-magically grants sysadmin..


it might be a domain group.
you can check that with an extended stored procedure:
modify either of these commands to check a specific user, or a group:
EXEC master..xp_logininfo @acctname = 'mydomain\lowell',@option = 'all' -- Show all paths a user gets his auth from

EXEC master..xp_logininfo @acctname = 'mydomain\authenticatedusers',@option = 'members' -- show group members




Lowell

--
help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!
Post #1439485
Posted Friday, April 5, 2013 2:42 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Monday, December 14, 2015 12:43 PM
Points: 278, Visits: 526
My apologies for not mentioning that this is an SQL authentication account, not a Windows account.
Post #1439490
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse