February 6, 2008 at 7:56 pm
Most of these are system stored procedures.
First, don't allow guest or others into msdb, and you can ignore the public permissions there. If a user doesn't have access to the database, it doesn't matter if public has rights.
For the master ones, I think those are used for clustering. Don't let mess with those as you could cause issues.
If you have all your logins mapped to users in the MOSS database, and that's there default, then this shouldn't be an issue.
February 7, 2008 at 9:04 pm
Thanks for the information. I had previously removed the guest account from access to the msdb. So I assume that the public that is granted to those sp's in the msdb is the msdb public role. Does that public role tie into global public role of the instance? If then even though if I remove guest access, wouldn't users that have accounts in the instance still have public access to the sp's. Luckily with MOSS we plan to only create service accounts in the database so access should be limited to admin and service accounts, I am just trying to think ahead for other SQL deployments.
February 8, 2008 at 6:45 am
There is no global public role. There's only a public role in each database and you can't remove that role. I wouldn't think any system functions relied on that, but I wouldn't mess with the permissions for public (removing permissions) in system databases.
Viewing 3 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply