DB_Owner Database Role Membership Permission in SQL 2005


birdman357
We are using a VB6 application through Citrix Metaframe 4 on Windows 2003
Servers that accesses a database on an SQL 2005 server (Windows Server
2003 OS) that requires that the users (or user group) have the
DB_Owner Database Role Membership Permission in SQL 2005. A client is
concerned that this level of access for their users will leave open
potential security risks. When we remove the DB_Owner Database Role
Membership Permission in SQL 2005 our VB6 application cannot properly
run stored procedures, among other tasks. We use a Windows integrated
security (Active Directory) only setup and NOT SQL Server
authentication.

Is the DB_Owner Database Role Membership Permission in SQL 2005 a real
risk for security? The client is concerned the users can hack in and
drop or alter the databases.

Thank you!
Ignacio A. Salom Rangel
It is a risk to give db_owner permissions to a user. Check this link: http://technet.microsoft.com/en-us/library/cc966507.aspx.





OomBoom
It is a risk if you have someone who wants to be malicious; he can steal information or remove important data, which will cost you time and man-hours to fix. There is another way to protect the system, and you can do it with server triggers. This will allow you to grant db_owner rights to users that log in from the app and deny access if they log in with anything else.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Do not reinvent the wheel.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
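
A sketch of the server (logon) trigger approach described in the reply above, as an added example that is not part of the original posts. The Windows group `CONTOSO\AppUsers`, the application name `OurVB6App` and the trigger name are hypothetical placeholders, and logon triggers require SQL Server 2005 SP2 or later.

```sql
-- Added example. Assumptions (not from the thread):
--   * application users belong to the Windows group CONTOSO\AppUsers
--   * the VB6 client sets "Application Name=OurVB6App" in its connection string
USE master;
GO

CREATE TRIGGER trg_restrict_app_logins
ON ALL SERVER
FOR LOGON
AS
BEGIN
    -- Never block administrators: a faulty logon trigger can lock
    -- everyone out of the instance.
    IF IS_SRVROLEMEMBER('sysadmin') = 1
        RETURN;

    -- Members of the application group may connect only when the session
    -- reports the expected application name. ISNULL covers clients that
    -- send no application name at all.
    IF IS_MEMBER('CONTOSO\AppUsers') = 1
       AND ISNULL(APP_NAME(), '') <> 'OurVB6App'
    BEGIN
        -- ROLLBACK inside a logon trigger refuses the connection.
        ROLLBACK;
    END
END;
GO

-- Confirm the trigger exists and is enabled.
SELECT name, is_disabled
FROM sys.server_triggers
WHERE name = 'trg_restrict_app_logins';
GO

-- Recovery: if logins start failing unexpectedly, connect as a sysadmin
-- (or through the Dedicated Administrator Connection) and remove it.
-- DROP TRIGGER trg_restrict_app_logins ON ALL SERVER;
```

The application name is whatever the client's connection string reports, so treat this trigger as a guard against ad hoc tools rather than as a replacement for reducing the role membership itself.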