SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Public Role - Access to dtproperties


Public Role - Access to dtproperties

Author
Message
cweunong
cweunong
Forum Newbie
Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)Forum Newbie (7 reputation)

Group: General Forum Members
Points: 7 Visits: 9
Hi, I'm a new member here and need help.

I notice that the Public role has full access (Select, Insert, Update, and Delete) to dtproperties by default in SQL Server 2000.

I've been asked by an external security auditor about this and I'm not sure. What's the impact if I remove the Insert, Update, and Delete rights from Public role to this table? This access is all over on all databases by Public role to dtproperties table, including master database.

Can anyone please help urgently please? I have to give the answer today.

Thanks very much.
MarkusB
MarkusB
SSCertifiable
SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)

Group: General Forum Members
Points: 5835 Visits: 4208
dtproperties stores the information for database diagrams. Internally it's a system table and public by default has access to all system tables. That's why the permissions are set like they are.
Personally I would say only db_owners and maybe ddl_admins need access to this table, but since it doesn't contain any user data the security risk is not such a big issue.

Markus Bohse
Steve Jones
Steve Jones
SSC Guru
SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)SSC Guru (62K reputation)

Group: Administrators
Points: 62799 Visits: 19111
I agree with the info above. I've never seen this as a security risk.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search