Trying to Add User with Access to One Stored Procedure

Question

Trying to Add User with Access to One Stored Procedure

ducksql@gmail.com

SSCrazy

Points: 2826
More actions
April 5, 2013 at 1:31 pm

#272780

I am trying to add a user in SQL 2000. I only want them to be able to execute one stored procedure in one database. My problem is that the new user can also see the system databases and the SQL logins. Not only that, but they are able to make modifications to the aforementioned areas. What am I missing to clamp it down to where I want it? I am using GUI, but I will be happy to use a T-SQL solution.
Thanks.
Steve

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply

Lowell SSC Guru Points: 323504 More actions · Answer 1

it sounds like the user in question has a LOGIN which was granted sysadmin privileges.

i don't have QA available for SQL2000 anymore, but you can go to the properties of the login and uncheck a checkbox to remove that over-reaching privilege.

once that is done, the regular permissions you've added will apply as expected.

Lowell

--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

ducksql@gmail.com SSCrazy Points: 2826 More actions · Answer 2

I have all of the server roles unchecked. All tables have public checked and it won't let me uncheck them. I can't seem to find a property that is enabled giving this user sysadmin type access. Is there something I am missing? I will be glad to provide pictures if needed.

Thanks.

Lowell SSC Guru Points: 323504 More actions · Answer 3

it might not be obvious;

for example, if it's a windows account, ie mydomain\lowell has too much access, it's probably because i'm in a windows group

that has direct or implied access

SQL 2000 still uses the Builtin\Administrators group, so it might be the user is a local admin on the box, which auto-magically grants sysadmin..

it might be a domain group.

you can check that with an extended stored procedure:

modify either of these commands to check a specific user, or a group:

EXEC master..xp_logininfo @acctname = 'mydomain\lowell',@option = 'all' -- Show all paths a user gets his auth from

EXEC master..xp_logininfo @acctname = 'mydomain\authenticatedusers',@option = 'members' -- show group members

Lowell

--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

ducksql@gmail.com SSCrazy Points: 2826 More actions · Answer 4

My apologies for not mentioning that this is an SQL authentication account, not a Windows account.