Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase ««12

Hide all system views/tables from users in SQL server 2005 Expand / Collapse
Author
Message
Posted Thursday, November 26, 2009 2:27 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Wednesday, September 24, 2014 2:52 AM
Points: 11, Visits: 152
Hello,
as you described, that is exact the same situation for me.
I have users who connect via ODBC and MS Access with an SQL Server Navision DB (SQL Server 2005).
They must connect via sql server authenticated login (because they access from outside our domain).
I have implemented a role and grant special select rights to this role. I have tried to deny on schema sys and INFORMATION_SCHEMA etc. but that doesn't work. The users should see only the user tables, but they also are able to sell all sys-views and information_schema views and i am not able to prevent it.
I have looked in web all around but i found no solution for this topic. Therefore a solution for your problem would be a solution for me too.
Thanks for answer
H.Stenner
Post #825101
Posted Thursday, March 15, 2012 11:53 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, May 15, 2013 8:21 AM
Points: 3, Visits: 39
Well it is 2012 March and I am using SQL Server 2008 R2 and having the same problems SQL S 2005 folks 3 yrs ago had. Anyone come across a solution or work around for the part when making a ODBC connection to sql server 2008 r2 dbase that the connection does not show information_schema and sys objects? I see this is still a problem but outside of scripting every object in database 'mssqlsystemresource' as deny(not really what I was looking for). Anyone have anything on this?

Post #1267729
Posted Thursday, March 15, 2012 12:55 PM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Yesterday @ 1:23 PM
Points: 12,927, Visits: 32,330
there's a number of threads here on SSC where the requirement is to remove public permissions in order to comply and lock down a SQL server to DoD standards (google Database Security Checklist for examples).
In that ,we just don't care what breaks.

see this thread for an example:
http://www.sqlservercentral.com/Forums/Topic845604-392-1.aspx#bm845742


and take a look at this link for a more comprehensive script.
http://blogs.technet.com/b/fort_sql/archive/2010/02/04/remove-public-and-guest-permissions.aspx



Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1267765
Posted Thursday, March 15, 2012 1:07 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, May 15, 2013 8:21 AM
Points: 3, Visits: 39
I created a role and am applying the deny select and deny exec for stored proc to that role, not changing the public access. I am not trying to foobar up the dbase as it is vital right now but need to be able to create a secure connection from ODBC giving users only a select set of objects(mainly tables) to access. I have been searching for sometime now this week and have not found something that would fit yet. Have you tried what I am suggesting or trying to do in a quick dev environment? I am thrown from the fact that others over the years have not solved or work around this yet or that this is resolved or a resolve posted on this for sql server 2008 yet, seems to be a basic thing that many would come up against. Simply trying to set up a role and user id that a ODBC can get too and only see a select set of tables or objects in parent dbase.

thanks for your time and knowledge,
Brett
Post #1267771
Posted Thursday, March 15, 2012 1:10 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, May 15, 2013 8:21 AM
Points: 3, Visits: 39
when you use deny VIEW DEFINITION the user cannot see the objects but user can still query(select * from table/view) object if they know the name(s). Again I am using a newly created role and user as not to affect other dbases and systems with this. so this did not work

thanks
Brett
Post #1267775
Posted Wednesday, April 11, 2012 7:35 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, November 29, 2012 8:51 AM
Points: 1, Visits: 11
Hello,
I had the same problems with SQL Server 2008 R2 with ODBC. When connecting to any database all systemviews from db master were shown in addition.
I have done following in the management studio: After selecting db master, properties, I added the role public in rights and revoked "select". That was all!
Did you try this already?

In ODBC-Management "Sql Server native client 10"-driver is a must! With older versions it does not work.
New ODBC-connections can only be created with accounts without "public"-membership!

best regards
Martin


  Post Attachments 
picture.png (25 views, 57.73 KB)
Post #1281529
Posted Wednesday, November 28, 2012 4:16 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Thursday, November 13, 2014 8:19 AM
Points: 128, Visits: 367

Image of what the discussion is about.

Steps to limit a user to choose only the Views they have permission for:
1. In Databases, Security, Logins - New Logins
Login Name: GISviewer (password) turn off password enforce policy
Default DB - RegDB User Mapping - RegDB

2. run tsql on the view GISWell
Use RegDB
GRANT SELECT ON vGISWell TO [GISviewer]

3 Open Access - External Data (Native SQL - add server name)
in data source UserName GISViewer Password: .....

Link Tables Result:
Only the dbo.vGISWell shows on top ' desired!
Plus.... Not Desired
All the Information_Schema.check_constraints
All of the sys.all_xxxx See link image above

Did the solution above Work?
Post #1390188
Posted Thursday, November 29, 2012 10:02 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Thursday, November 13, 2014 8:19 AM
Points: 128, Visits: 367
http://support.microsoft.com/kb/2513216
Got to love Microsoft SQL Server Support
After dozens of people asking how to solve this - Microsoft referenced this article.
It sure shows the problem. But, it is the End User (all of them) we shoud educate?

Microsoft warns that deny select to public may have unintended effects - but MS offers no real solution.
Keywords: deny view definition to public
Keywords: deny select to public
Post #1390699
« Prev Topic | Next Topic »

Add to briefcase ««12

Permissions Expand / Collapse