Hi
I have a query in relation to db permissions. I created a local Windows
login and then created a SQL Server login using the same account. I gave this
login access just to one database and assigned him to the db_denydatawriter
role in that databse. This works fine as I just want them to have SELECT
access only on that db. The problem is that that login can still do SELECT,
UPDATE, DELETE and INSERT on other db's within the server.
I thought that if you didn't select Permit against a database in the
Database Access screen that the user would not have access to the db?
What is the best way to prevent this user from accessing any db's apart from
the one which I specified. I could obviously go through each db and specify
db_denydatawriter but on servers with lots of db's that is not really
practical.
Thanks in advance"jonjo" <jonjo@.discussions.microsoft.com> wrote in message
news:3DA9DC0E-FEA9-48DD-A7B6-CBC6FAAA0D92@.microsoft.com...
> Hi
> I have a query in relation to db permissions. I created a local Windows
> login and then created a SQL Server login using the same account. I gave
> this
> login access just to one database and assigned him to the
> db_denydatawriter
> role in that databse. This works fine as I just want them to have SELECT
> access only on that db. The problem is that that login can still do
> SELECT,
> UPDATE, DELETE and INSERT on other db's within the server.
> I thought that if you didn't select Permit against a database in the
> Database Access screen that the user would not have access to the db?
> What is the best way to prevent this user from accessing any db's apart
> from
> the one which I specified. I could obviously go through each db and
> specify
> db_denydatawriter but on servers with lots of db's that is not really
> practical.
> Thanks in advance
Check those other DB's for a guest account. If you don't have explicit
access to a database and it has a guest account, then your login will use
that guest account.
Rick Sawtell
MCT, MCSD, MCDBA|||Thanks Rick
I'll do that
"Rick Sawtell" wrote:
> "jonjo" <jonjo@.discussions.microsoft.com> wrote in message
> news:3DA9DC0E-FEA9-48DD-A7B6-CBC6FAAA0D92@.microsoft.com...
> > Hi
> >
> > I have a query in relation to db permissions. I created a local Windows
> > login and then created a SQL Server login using the same account. I gave
> > this
> > login access just to one database and assigned him to the
> > db_denydatawriter
> > role in that databse. This works fine as I just want them to have SELECT
> > access only on that db. The problem is that that login can still do
> > SELECT,
> > UPDATE, DELETE and INSERT on other db's within the server.
> >
> > I thought that if you didn't select Permit against a database in the
> > Database Access screen that the user would not have access to the db?
> >
> > What is the best way to prevent this user from accessing any db's apart
> > from
> > the one which I specified. I could obviously go through each db and
> > specify
> > db_denydatawriter but on servers with lots of db's that is not really
> > practical.
> >
> > Thanks in advance
> Check those other DB's for a guest account. If you don't have explicit
> access to a database and it has a guest account, then your login will use
> that guest account.
> Rick Sawtell
> MCT, MCSD, MCDBA
>
>
No comments:
Post a Comment