Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Limit Access to Databases in Enterprise Manager


Limit Access to Databases in Enterprise Manager

Author
Message
Nomis-332058
Nomis-332058
Forum Newbie
Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)

Group: General Forum Members
Points: 3 Visits: 32
I have created a user account that has access to a specific database. When that user logs in via Enterprise Manager, they see the database, and 3 others (there are a couple dozen on the server). If I remove their access to the specific database and the user refreshes, that database goes away but the other 3 remain.

I have not assigned access to the other databases. Any ideas on how to remove these 3 tables from the user's access?

Thx.
Greg Charles
Greg Charles
SSCarpal Tunnel
SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)

Group: General Forum Members
Points: 4089 Visits: 5823
Are the other three databases master, msdb, and tempdb? The guest user is enabled by default in those system databases.

Greg
Nomis-332058
Nomis-332058
Forum Newbie
Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)

Group: General Forum Members
Points: 3 Visits: 32
Nope. They are other custom databases. The user is not in their security settings though.
Greg Charles
Greg Charles
SSCarpal Tunnel
SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)SSCarpal Tunnel (4.1K reputation)

Group: General Forum Members
Points: 4089 Visits: 5823
Is it a domain login that is a member of a Windows group that has access to the 3 databases?

Greg
Nomis-332058
Nomis-332058
Forum Newbie
Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)

Group: General Forum Members
Points: 3 Visits: 32
Hey Greg.

We are not on a domain structure. Novell here Sick

-- Bryan
Bryansky
Bryansky
Right there with Babe
Right there with Babe (732 reputation)Right there with Babe (732 reputation)Right there with Babe (732 reputation)Right there with Babe (732 reputation)Right there with Babe (732 reputation)Right there with Babe (732 reputation)Right there with Babe (732 reputation)Right there with Babe (732 reputation)

Group: General Forum Members
Points: 732 Visits: 438
I think that users can only see the other database in EM but when they try to open/expand those databases, it will just prompt him that he/she is not a valid user on that database. he/she can only open/expand the database where he has granted access.

:-)Cool
Lester Policarpio
Lester Policarpio
SSC-Addicted
SSC-Addicted (407 reputation)SSC-Addicted (407 reputation)SSC-Addicted (407 reputation)SSC-Addicted (407 reputation)SSC-Addicted (407 reputation)SSC-Addicted (407 reputation)SSC-Addicted (407 reputation)SSC-Addicted (407 reputation)

Group: General Forum Members
Points: 407 Visits: 2459
If the Server in the enterprise manager in the users computer is registered using the user "sa" then he can access all the databases even restricting him since the server in his EM is registered with sys admin rights. You can unregister the server in his EM, register it again using the user account you've made (not sa) then he can only view the database were his username has access to.

"-=Still Learning=-"

Lester Policarpio
Keith Langmead
Keith Langmead
SSC-Enthusiastic
SSC-Enthusiastic (152 reputation)SSC-Enthusiastic (152 reputation)SSC-Enthusiastic (152 reputation)SSC-Enthusiastic (152 reputation)SSC-Enthusiastic (152 reputation)SSC-Enthusiastic (152 reputation)SSC-Enthusiastic (152 reputation)SSC-Enthusiastic (152 reputation)

Group: General Forum Members
Points: 152 Visits: 428
If you're just trying to limit the number of databases that a user sees to those that they actually have access to, you might want to consider installing this updated version of the sp_MSdbuseraccess stored procedure :

http://support.microsoft.com/kb/889696/en-us

Essentially, when EM populates the list of databases it goes through sysdatabases and pulls out each database name it finds. With the modified version it also adds a check to see if the user has access to each database, and only displays those which return as true.

Note that this only works through Enterprise Manager, a user connecting from 2000 Query Manager or 2005 Management Studio will still see all the db's since they use different methods to get the database list, so doesn't ensure users cannot see which other databases are in place, but does at least reduce the number of non-relevant databases they are shown.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search