SQL Server Security: Fixed Roles
Posted Saturday, October 18, 2003 12:00 AM


Keeper of the Duck

Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/bkelley/sqlserversecurityfixedroles.asp

K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
Post #17399
Posted Sunday, November 2, 2003 12:49 PM
SSC-Enthusiastic

Great article!!

I was wondering, what security setup do you put in place for your development environments? I have been trying to set up a development environment without giving the developers sysadmin rights, but most of our developers create DTS packages which make it hard to share development. I do not want to use SQL logins to get around this.

Thanks

Dean Christie

Edited by - dmc-co on 11/04/2003 12:35:31 PM



Post #83824
Posted Friday, May 4, 2007 1:11 AM
SSC Rookie

That is indeed a good article. In future, I look forward to reading some more on the same topic.


Kindest Regards,
Jaiprakash M Bankolli
Post #363228
Posted Friday, May 4, 2007 4:44 AM
Valued Member

Why did you republish a 2003 article?
Post #363253
Posted Friday, May 4, 2007 7:27 AM


SSC-Dedicated

We republish popular articles periodically. It gives new people to the site a chance to catch them.






Follow me on Twitter: @way0utwest

Post #363280
Posted Friday, May 4, 2007 3:47 PM
Hall of Fame


Yah.

I set an sp as a startup, created a login Hacker with access to Master as db_datawriter, db_datareader and db_ddladmin. Connected as Hacker user in Management Studio I was able to modify the stored procedure to add a line for adding this Hacker to Sysadmin role. I did re-check that the Hacker person did not have ANY server roles.

I was able to restart the SQL Server from Management Studio connected to SQL Server as Hacker. After I restarted the service the Hacker person was a sysadmin. While I can find the explanation that I was able to restart the service (Management Studio is run under the logged in user process that is a Windows login and my Windows login has admin rights) I find the whole thing sort of ... you know. I will re-test it Monday just to make sure. My SQL Server is 2005 RTM. I will re-test on SP 1 and SP2.

 




Regards,
Yelena Varshal

Post #363460
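
An audit for the configuration described in the post above, added here as an example that is not part of the original thread. It lists the startup procedures in master and every non-dbo principal able to alter them, using SQL Server 2005 and later catalog views; review anything it returns, since startup procedures run with sysadmin-level permissions when the service starts.

```sql
-- Added example, not from the thread. Requires SQL Server 2005 or later.
USE master;
GO

-- 1. Procedures flagged to run at service startup, newest change first.
--    An unexpected modify_date is the first thing to investigate.
SELECT  SCHEMA_NAME(p.schema_id) AS schema_name,
        p.name                   AS startup_proc,
        p.create_date,
        p.modify_date
FROM    sys.procedures AS p
WHERE   p.is_auto_executed = 1
ORDER BY p.modify_date DESC;

-- 2. Non-dbo principals in master that can alter those procedures
--    through fixed database role membership.
SELECT  m.name      AS member_name,
        m.type_desc AS member_type,
        r.name      AS role_name
FROM    sys.database_role_members AS drm
JOIN    sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN    sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
WHERE   r.name IN (N'db_owner', N'db_ddladmin')
  AND   m.name <> N'dbo'
ORDER BY r.name, m.name;

-- 3. Explicit ALTER or CONTROL grants made directly on a startup procedure.
SELECT  pr.name                  AS grantee,
        dp.permission_name,
        dp.state_desc,
        OBJECT_NAME(dp.major_id) AS startup_proc
FROM    sys.database_permissions AS dp
JOIN    sys.database_principals  AS pr ON pr.principal_id = dp.grantee_principal_id
WHERE   dp.class = 1                      -- object-level permissions
  AND   dp.permission_name IN (N'ALTER', N'CONTROL')
  AND   dp.state IN ('G', 'W')            -- GRANT, GRANT WITH GRANT OPTION
  AND   dp.major_id IN (SELECT object_id
                        FROM   sys.procedures
                        WHERE  is_auto_executed = 1);
```

Empty results for queries 2 and 3 mean only dbo-level principals can change what runs at startup; grants made at schema or database scope are not covered by query 3 and need a separate check.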
Posted Sunday, May 6, 2007 6:12 PM
Valued Member

It would be nice to put links in this old article to articles you published (later) which deal with SS 2005. And links to articles about fixed database roles and server logins - because all these go in a package ... Or am I wrong?




Post #363553
Posted Monday, May 7, 2007 7:15 AM
SSC Journeyman

I actually just ran into a "problem" involving the server roles in SQL Server 2000 (and I believe 2005). We have a VB application used in house, and users have a SQL Server login. Logging in the application uses the user_name() function. Some of our users also belong to server roles. We've found that for those users, user_name() returns "dbo" instead of their user name. Instead, we apparently need to use something like system_user to return their actual user name. This seems stupid really, but apparently is a known issue? It was news to us, and now we need to change a good number of our stored procedures. Bah!
Post #363638