Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Creating the ODBC connection - permissions Expand / Collapse
Author
Message
Posted Friday, October 26, 2007 2:42 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Friday, June 3, 2011 6:29 AM
Points: 26, Visits: 33
Hello All,

I am trying to revoke some permissions (actually revoked) as it was recommended by AppDetective after PCI Audit from public account. And now I have a problem with the regular account creating the ODBC connection from any new computer. All existing are working fine and I could create the ODBC connection if logged in as sql administrator.

Now I returned all permissions that were revoked to our specific group (not to public) and I can create the ODBC connection. But it is not resolving the probem if I need to revoke all dangerous permissions from regular accounts.

Question: Which store proc/table/database should have EXECUTE/SELECT permissions to create ODBC connection to the database that the user has the permissions to connect?

I could list all permissions that I revoked but it is more than 1000. instead of trying to turn on and off each of them, maybe you could help me if you know which permissions should be enabled??

Thank you for any info :)
Post #415625
Posted Wednesday, November 7, 2007 6:42 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 4:10 PM
Points: 33,095, Visits: 15,202
The login needs to have the connect right. There is no execute stored procedure needed to create the connection. It just needs the ability to connect, a user mapping in the database, or the guest account enabled.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #419872
Posted Wednesday, November 7, 2007 8:46 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Friday, June 3, 2011 6:29 AM
Points: 26, Visits: 33
Nope, the user group had access to the database and had public group rights and data reader/writer for the database. I revoked permissions from public group for some store procedures in master database and lost the ability to create the new ODBC connections (existing ones were still working). I assigned revoked permissions to this specific group instead of public and received my new connections back. So I assume some procedures should have execute rights.
Post #419894
Posted Friday, September 16, 2011 9:44 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, October 24, 2011 7:41 AM
Points: 1, Visits: 17
Hi,

What permissions did you have to grant back to create new OBDC connections?
I am having this issue.
Existing ODBC connections are working - but creating new ones will not allow connection to the database.
I have recently revoked permissions from PUBLIC as part of vulnerability management as recommended by App Detective.
Thanks,
HJ
Post #1176496
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse