Home Forums SQL Server 2008 Security (SS2K8) Revoking public Role Permissions not working RE: Revoking public Role Permissions not working

  • February 19, 2013 at 12:25 pm

    #1589334

    I had tested it by creating a new login and then creating a new user in the database with no permissions (all public permissions except for the ones I'm dealing with have already been revoked):

    USE [master];

    CREATE LOGIN [ClarkKent2] WITH PASSWORD=N'<SomeSecurePassword>';

    USE [MyDb];

    CREATE USER [ClarkKent2] FOR LOGIN [ClarkKent2];

    Then I connect to a new query window with the new user and execute the following getting a 229 "SELECT permission was denied...":

    USE MyDb;

    SELECT *

    FROM [INFORMATION_SCHEMA].[CHECK_CONSTRAINTS];

    I also just took your suggestions and after first granting SELECT permissions to public for sys.database_permissions, sys.database_principals, and sys.database_role_members - your 2nd query returned a single row with a GRANT CONNECT DATABASE for ClarkKent. If I run your query as the ClarkKent2 user I created, I get back the same GRANT CONNECT DATABASE single row result.

    If I run the finding query again, I still report the 17 INFORMATION_SCHEMA objects.