May 3, 2011 at 6:53 am
Hi
We have a requirement to deny the execute, select and grant permissions for the Public role. This is a security requirement defined by a governing agency.
Can this be done and if so are there issues associated with doing this ?
Am a beginner with SQl Server so please forgive if this is a basic question.
Thanks
May 3, 2011 at 8:28 am
i've seen this same requirement in other posts; we could google to find the original thread itself, but I wrote this snippet in response; this generates all the revoke commands to remove access to PUBLIC and GUEST.
That is what you are after i believe:
SELECT
'REVOKE ' + convert(varchar(50),x.[Action])
+ ' on ' + x.[Schema]
+ '.' + convert(varchar(50),x.[Object])
+ ' TO ' + convert(varchar(50),x.[User]) COLLATE Latin1_General_CI_AS
FROM (
SELECT
u.name COLLATE Latin1_General_CI_AS AS 'User',
schema_name(o.schema_id) As 'Schema',
o.name COLLATE Latin1_General_CI_AS AS 'Object' ,
p.permission_name COLLATE Latin1_General_CI_AS AS 'Action'
--into tmp
FROM sys.database_permissions p, sys.database_principals u, sys.all_objects o
WHERE o.object_id = p.major_id
AND p.grantee_principal_id = u.principal_id
AND p.grantee_principal_id IN (0, 2)
) X
Lowell
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply