Post reply

Deny db_name(), @@Version and related

  • July 17, 2014 at 12:28 pm

    #291167

    Hello!

    Please, how do I deny SELECT on DB_NAME(), @@VERSION, SYSTEM_USER(), @@SERVERNAME, IS_SRVROLEMEMBER and more to an SQL login?

    Thanks!

  • July 19, 2014 at 6:11 am

    #1730823

    All I can think of is to deny SELECT in general and only allow EXECUTE.

    However, I don't know if this will also work for system variables.


    Lutz
    A pessimist is an optimist with experience.

    How to get fast answers to your question[/url]
    How to post performance related questions[/url]
    Links for Tally Table [/url] , Cross Tabs [/url] and Dynamic Cross Tabs [/url], Delimited Split Function[/url]

  • July 19, 2014 at 7:01 am

    #1730825

    Deny select doesn't work for the system functions. And you can't deny execute on the functions such as @@servername because it will invoke an error.

    I don't see any documentation on what the minimum permissions are to be able to execute those functions.

    You might try to harden the server with regards to the public role. But that is risky and I have seen more than a few clients who have messed up their server by doing it wrong.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw[/url]
    Learn Extended Events

  • July 19, 2014 at 7:17 am

    #1730827

    May I ask why? What is the root problem you're trying to solve here?

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply