I have given required permission with these commands

create login 'james' with password = 'xxx'

go

use MyDB

go

create user james for login james

go

grant select on [vw_paymen] t to james

after that

i have log on with james..he can see all database names and logins ( he can not able to access)..he can acess system databases..even user can query system databases..how can i restrict?? is it secured..??