Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Enable 'Allow modifications to be made directly to the system catalogs'


Enable 'Allow modifications to be made directly to the system catalogs'

Author
Message
falcon59x
falcon59x
Grasshopper
Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)

Group: General Forum Members
Points: 18 Visits: 33
Hey,

My last question didnt get much help so I thought I would ask a more direct one with less parts. How do I enable 'Allow modifications to be made directly to the system catalogs' with SQL?

Thanks
Lowell
Lowell
SSChampion
SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)

Group: General Forum Members
Points: 14956 Visits: 38952
since 2005, it's no longer possible. the old SQL 2000 syntax is ignored.

what is it you think you want to change, that cannot be done with the normal commands?

Lowell

--
help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

falcon59x
falcon59x
Grasshopper
Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)

Group: General Forum Members
Points: 18 Visits: 33
First thanks for the reply,

Secondly I am trying to delete access to Object Permissions for the public user. (I am not worried about the side affects, it has to be done) The SQL comman I am using deletes all of the Object Permissions for public accept 26 Now I have read that if I dont enable the Allow modifications to be made directly to the system catalogs' I cant delete them all and I am assuming this is the problem which I am facing. Is there a work around in 2005 or Am I just screwed?
falcon59x
falcon59x
Grasshopper
Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)

Group: General Forum Members
Points: 18 Visits: 33
Thats 26 is the number of Object Permissions sorry I should have clarrified that!
Lowell
Lowell
SSChampion
SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)

Group: General Forum Members
Points: 14956 Visits: 38952
lets look at the details....show us the SQL you are using to identify objects you want to take away access from; that will really let us help you better.

if it is things like views for sysobjects or something like that, that would be an example of a change you cannot make.

from BOL:

http://msdn.microsoft.com/en-us/library/bb669065.aspx
The public Role
The public role is contained in every database, which includes system databases. It cannot be dropped and you cannot add or remove users from it. Permissions granted to the public role are inherited by all other users and roles because they belong to the public role by default. Grant public only the permissions you want all users to have.



Lowell

--
help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

falcon59x
falcon59x
Grasshopper
Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)

Group: General Forum Members
Points: 18 Visits: 33
USE [database name]
SELECT u.name 'User', o.name 'Object', p.permission_name 'Action'
FROM sys.database_permissions p, sys.database_principals u, sys.all_objects o
WHERE o.object_id = p.major_id
AND p.grantee_principal_id = u.principal_id
AND p.grantee_principal_id IN (0, 2)
ORDER BY u.name, o.name, p.permission_name

It is displaying a list of SELECT and EXECUTE.I can delete all except the last 26 which are a mix of the two.
GilaMonster
GilaMonster
SSC-Forever
SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)

Group: General Forum Members
Points: 47239 Visits: 44377
Use the REVOKE statement to remove permissions.

Example
REVOKE SELECT on SomeTable TO Public



Specific statement depends on what the objects are.

Directly editing the system tables, even on SQL 2000, was just asking for a corrupt database. I had to clean up often enough after people who just wanted to quickly edit the system tables and not care about the side effects (which can be a completely unusable database if you're not careful)


Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


Jeffrey Williams 3188
Jeffrey Williams 3188
SSCarpal Tunnel
SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)SSCarpal Tunnel (4.5K reputation)

Group: General Forum Members
Points: 4463 Visits: 9829
What is the purpose of removing that access from the public role? What is it you are trying to accomplish here?

Take a look at VIEW DEFINITION in books online. I think that might be what you are trying to get at.

Jeffrey Williams
Problems are opportunities brilliantly disguised as insurmountable obstacles.

How to post questions to get better answers faster
Managing Transaction Logs

falcon59x
falcon59x
Grasshopper
Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)

Group: General Forum Members
Points: 18 Visits: 33
- I already have the Revoke applied my code uses a cursor to run through each Object name. Unfortuantly though there are a few that its not sufficent to delete. I appriciate your concern, but I implied i dont care about the side effects to avoid a lecture. Plus I am Installing the SQL and running this script to set it up. No unfourtnate DBA's or SA's will get stuck cleaning it up.

-I have to delete these permissions from the user, beause its a secure system. So we cannot allow anyone assigned to Public to have any access.
Lowell
Lowell
SSChampion
SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)

Group: General Forum Members
Points: 14956 Visits: 38952
ok i think i'm following along; i created a brand new database in SQL 2005, and ran the following script to generate the revoke statements; i think the difference for me is i'm specifically getting the schema name of the objects as well, and that is allowing me to drop access to things like sys.all_columns:

--CREATE DATABASE [SandBox]
GO
USE [SandBox]
SELECT
'REVOKE ' + convert(varchar(50),x.[Action])
+ ' on ' + x.[Schema]
+ '.' + convert(varchar(50),x.[Object])
+ ' TO ' + convert(varchar(50),x.[User]) COLLATE Latin1_General_CI_AS
FROM (
SELECT
u.name COLLATE Latin1_General_CI_AS AS 'User',
schema_name(o.schema_id) As 'Schema',
o.name COLLATE Latin1_General_CI_AS AS 'Object' ,
p.permission_name COLLATE Latin1_General_CI_AS AS 'Action'
--into tmp
FROM sys.database_permissions p, sys.database_principals u, sys.all_objects o
WHERE o.object_id = p.major_id
AND p.grantee_principal_id = u.principal_id
AND p.grantee_principal_id IN (0, 2)
) X





Lowell

--
help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search