March 18, 2009 at 10:56 am
Hi there,
I'm currently setting up a SQL 2005 server and migrating SQL 2000 databases, I'm looking into the security of the databases and was wondering if its possible to hide databases from users that don't have access to those databases within the same instant and only see the databases they have access to, this would include systems databases.
Thanks
March 18, 2009 at 11:01 am
it depends on the application they are connecting to;
i think if i connect in SSMS, since i can "read" from sysdatabases, i can see all the db's ont he server...but i f i try to connect to one of them, I'm stopped for any i don't have permission for.
SQL Server Web Administrator only allows an end user to connect to their default database you assigned...so they can use that web interface to manipulate their db and even back it up or restore, but they cannot see anything else.
easy solution is to not give the users SSMS, but what harm is there if they know there is a database they cannot connect to?
Lowell
March 18, 2009 at 12:36 pm
Keep in mind the fixed role "Guest", which can not be deleted. With the "Guest" role
public Database Role
Every database user belongs to the public database role.
When a user has not been granted or denied specific permissions on a
securable, the user inherits the permissions granted to public on that securable
Server Role
The public role is granted VIEW ANY DATABASE permission.
You can block the user from seeing data in the database tables by denying login to the "Guest" role in each database.
They of course will be able to see the database name in SSMS object explorer.
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply