Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Public Role - Access to dtproperties Expand / Collapse
Author
Message
Posted Wednesday, November 07, 2007 9:31 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, July 15, 2009 1:34 PM
Points: 1, Visits: 9
Hi, I'm a new member here and need help.

I notice that the Public role has full access (Select, Insert, Update, and Delete) to dtproperties by default in SQL Server 2000.

I've been asked by an external security auditor about this and I'm not sure. What's the impact if I remove the Insert, Update, and Delete rights from Public role to this table? This access is all over on all databases by Public role to dtproperties table, including master database.

Can anyone please help urgently please? I have to give the answer today.

Thanks very much.
Post #419676
Posted Wednesday, November 07, 2007 10:25 AM
SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Thursday, April 03, 2014 8:27 AM
Points: 4,432, Visits: 4,155
dtproperties stores the information for database diagrams. Internally it's a system table and public by default has access to all system tables. That's why the permissions are set like they are.
Personally I would say only db_owners and maybe ddl_admins need access to this table, but since it doesn't contain any user data the security risk is not such a big issue.


Markus Bohse
Post #419701
Posted Wednesday, November 07, 2007 6:36 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 11:24 AM
Points: 32,781, Visits: 14,942
I agree with the info above. I've never seen this as a security risk.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #419865
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse