Interesting question. Yet I have another one:
Why not disabling "guest" for the master database?
I guess because SQL Server needs the access to the master database for extracting information from the system tables and views as well as for stored procs.
Something like "sys.databases", "sys.messages" etc.
I would have expected to see guest being member of the role "public" but I didn't see anything.
EXECUTE AS USER = 'guest';
FROM fn_my_permissions('sys.messages', 'Object')
Returns me a SELECT permission.
I want to know what exactly is the user "guest" allowed.
I found a script here:
Is there a shorter way to extract the (object level) permisions of a user?
Does anyone have a link what the master database needs these permissions for?
If you set out to do something, something else must be done first.