RE: Enable 'Allow modifications to be made directly to the system catalogs'

SSC Guru

Points: 323504

January 11, 2010 at 3:22 pm

#1102080

ok i think i'm following along; i created a brand new database in SQL 2005, and ran the following script to generate the revoke statements; i think the difference for me is i'm specifically getting the schema name of the objects as well, and that is allowing me to drop access to things like sys.all_columns:

--CREATE DATABASE [SandBox]

GO

USE [SandBox]

SELECT

'REVOKE ' + convert(varchar(50),x.[Action])

+ ' on ' + x.[Schema]

+ '.' + convert(varchar(50),x.[Object])

+ ' TO ' + convert(varchar(50),x.[User]) COLLATE Latin1_General_CI_AS

FROM (

SELECT

u.name COLLATE Latin1_General_CI_AS AS 'User',

schema_name(o.schema_id) As 'Schema',

o.name COLLATE Latin1_General_CI_AS AS 'Object' ,

p.permission_name COLLATE Latin1_General_CI_AS AS 'Action'

--into tmp

FROM sys.database_permissions p, sys.database_principals u, sys.all_objects o

WHERE o.object_id = p.major_id

AND p.grantee_principal_id = u.principal_id

AND p.grantee_principal_id IN (0, 2)

) X

Lowell

--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!