public role and permissions

  • I am developing a new database for the company I work for. I was completely new to this when I started, so I have been just developing with no view to security, which I have just started to think about...

    I noticed that the public role has permissions to some of the system tables. And public has 752 permissions on the master table - is this high?

    The database is only in development at the moment and we only have 3 users set up so far - would removing all permissions for public and starting again be the best way to go about this?

    I read somewhere about creating an 'Everyone' role for everyone to be a member of and removing all permissions from public - what are people's views on this?

  • What you are seeing isn't unusual. While SQL Server 7.0 and 2000 were built with certain concepts of security in mind, they didn't spend as much time on "information disclosure" as they probably needed to... but then again, it was a different world when these two versions rolled out.

    Removing permissions from the public role does have some impact. There are a couple of objects the public role has to have access to. For most else, things can be removed. I'm in the process of converting some text into a series of articles discussing the permissions of the public role.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/

    K. Brian Kelley
    @kbriankelley
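
To see what the public role holds before changing anything, the queries below list its permissions in the current database. This is an added example, not part of either post; it assumes the SQL Server 7.0/2000 system tables `sysprotects` and `sysobjects` and is read-only.

```sql
-- Added example: audit what the public role holds in the current database.
-- Assumes SQL Server 7.0/2000 system tables. Run it in each database to check
-- (for example master, then your own). Nothing here changes permissions.

-- 1) Summary: how many permission rows sit on system objects versus objects
--    you created. A large count in master is mostly the first category.
SELECT CASE
           WHEN p.id = 0 THEN 'statement-level'
           WHEN o.xtype = 'S'
                OR OBJECTPROPERTY(p.id, 'IsMSShipped') = 1 THEN 'system object'
           ELSE 'user object'
       END AS scope,
       COUNT(*) AS permission_rows
FROM sysprotects p
LEFT JOIN sysobjects o ON o.id = p.id
WHERE p.uid = USER_ID('public')
GROUP BY CASE
             WHEN p.id = 0 THEN 'statement-level'
             WHEN o.xtype = 'S'
                  OR OBJECTPROPERTY(p.id, 'IsMSShipped') = 1 THEN 'system object'
             ELSE 'user object'
         END;

-- 2) Detail: one row per permission on objects that did not ship with the
--    product. These are the grants to review first.
SELECT o.name  AS object_name,
       o.xtype AS object_type,
       CASE p.action
           WHEN 26  THEN 'REFERENCES'
           WHEN 193 THEN 'SELECT'
           WHEN 195 THEN 'INSERT'
           WHEN 196 THEN 'DELETE'
           WHEN 197 THEN 'UPDATE'
           WHEN 224 THEN 'EXECUTE'
           ELSE CAST(p.action AS varchar(10))
       END AS permission,
       CASE p.protecttype
           WHEN 204 THEN 'GRANT WITH GRANT OPTION'
           WHEN 205 THEN 'GRANT'
           WHEN 206 THEN 'DENY'
       END AS state
FROM sysprotects p
JOIN sysobjects o ON o.id = p.id
WHERE p.uid = USER_ID('public')
  AND o.xtype <> 'S'
  AND OBJECTPROPERTY(o.id, 'IsMSShipped') = 0
ORDER BY o.name, p.action;
```

`EXEC sp_helprotect @username = 'public'` returns a similar listing without the system/user split.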
