Public Role - Access to dtproperties

  • Hi, I'm a new member here and need help.

    I notice that the Public role has full access (Select, Insert, Update, and Delete) to dtproperties by default in SQL Server 2000.

    I've been asked by an external security auditor about this and I'm not sure. What's the impact if I remove the Insert, Update, and Delete rights on this table from the Public role? The Public role has this access to the dtproperties table in all databases, including the master database.

    Can anyone please help urgently? I have to give the answer today.

    Thanks very much.

  • dtproperties stores the information for database diagrams. Internally it's a system table and public by default has access to all system tables. That's why the permissions are set like they are.

    Personally I would say only db_owners and maybe ddl_admins need access to this table, but since it doesn't contain any user data the security risk is not such a big issue.

    Markus Bohse

  • I agree with the info above. I've never seen this as a security risk.
