SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Creating the ODBC connection - permissions


Creating the ODBC connection - permissions

Author
Message
Iryna Roy
Iryna Roy
SSC Rookie
SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)

Group: General Forum Members
Points: 42 Visits: 33
Hello All,

I am trying to revoke some permissions (actually revoked) as it was recommended by AppDetective after PCI Audit from public account. And now I have a problem with the regular account creating the ODBC connection from any new computer. All existing are working fine and I could create the ODBC connection if logged in as sql administrator.

Now I returned all permissions that were revoked to our specific group (not to public) and I can create the ODBC connection. But it is not resolving the probem if I need to revoke all dangerous permissions from regular accounts.

Question: Which store proc/table/database should have EXECUTE/SELECT permissions to create ODBC connection to the database that the user has the permissions to connect?

I could list all permissions that I revoked but it is more than 1000. instead of trying to turn on and off each of them, maybe you could help me if you know which permissions should be enabled??

Thank you for any info Smile
Steve Jones
Steve Jones
SSC Guru
SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)

Group: Administrators
Points: 62861 Visits: 19111
The login needs to have the connect right. There is no execute stored procedure needed to create the connection. It just needs the ability to connect, a user mapping in the database, or the guest account enabled.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Iryna Roy
Iryna Roy
SSC Rookie
SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)SSC Rookie (42 reputation)

Group: General Forum Members
Points: 42 Visits: 33
Nope, the user group had access to the database and had public group rights and data reader/writer for the database. I revoked permissions from public group for some store procedures in master database and lost the ability to create the new ODBC connections (existing ones were still working). I assigned revoked permissions to this specific group instead of public and received my new connections back. So I assume some procedures should have execute rights.
h.J
h.J
Forum Newbie
Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)

Group: General Forum Members
Points: 7 Visits: 17
Hi,

What permissions did you have to grant back to create new OBDC connections?
I am having this issue.
Existing ODBC connections are working - but creating new ones will not allow connection to the database.
I have recently revoked permissions from PUBLIC as part of vulnerability management as recommended by App Detective.
Thanks,
HJ
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search