Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    Join Date
    Mar 2005
    Posts
    12

    Unanswered: Need urgent help with pemission problem

    Hi all ,

    I posted an early post regarding that with no reply , its seem strange that
    nobody know that issue coase it looks majur issue .

    The problem is when creating a db and the a user for that db only from enterprise manager , when that user log into with enterprise manager also
    he can see the content of the master db (also the other default sql2000 system dbs) .

    Any way to avoide that issue ?

    Any help will be great .

  2. #2
    Join Date
    Jan 2003
    Location
    Massachusetts
    Posts
    5,800
    Provided Answers: 11
    Short answer: No.

    Longer answer: You can hide the system databases in enterprise manager, but all users will need at least guest access to the master database. You can safely remove the guest user from the msdb database, however. Removing guest from master will result in enterprise manager breaking for anyone who is not in the sysadmin group, I believe.

  3. #3
    Join Date
    Mar 2005
    Posts
    12
    Hi ,

    Thanks for the answare .

    Let me get it , there is no way to protect the master db from regular users
    what is point in that ? everyone can see everything , even guest .

    This is realy odd thing . im sure microsoft did it for a resone but it doesnt make sence anyhow .

    Thanks ,

  4. #4
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    McCrowley is right. The Sr. DBA did this at my last company did this and I was trying to work though it in my head. I know you can not remove the guest account in master. Maybe sp_denylogin on their NT accounts. Are you using Windows Authentication?
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Earnest Hemingway, A Farewell To Arms.

  5. #5
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    Why do your regular users have the Enterprise Manager installed anyways? Let me guess, they are writing ad hoc queries in the QA too. Barf. I was just assuming you were trying to lock out your developers.
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Earnest Hemingway, A Farewell To Arms.

  6. #6
    Join Date
    Mar 2005
    Posts
    12
    Its for hosting perpose , so you open a user a db asign a user , if he wants
    do admin his db its more then fine but why he must see the master db contents , its system content .

    Dont get this oproche .

    P-s : its mix mode , we decide to open a sql user only(not os)
    didint notice the deny login option but deny read will prevent the login all together .

    Thanks ,
    Last edited by pilpelet; 03-10-05 at 13:36.

  7. #7
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    sp_denylogin is a system stored procedure.
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Earnest Hemingway, A Farewell To Arms.

  8. #8
    Join Date
    Mar 2005
    Posts
    12
    Its not NT authentication but sql only , is the stored procidure will be possible also , if its only for system users then its a good couse to change the logins now befor going into production , how can i test the stored procidure you mentioned , how does it work , i come from mysql generaly .

    Thanks ,

  9. #9
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    I think this one is for NT auth only.
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Earnest Hemingway, A Farewell To Arms.

  10. #10
    Join Date
    Jan 2003
    Location
    Massachusetts
    Posts
    5,800
    Provided Answers: 11
    You may want to start here, for now.

    http://www.microsoft.com/sql/techinf...gsqlserver.asp

    I would not worry too much over people being able to see the master database, so long as they can not write to it (i.e. have sysadmin rights)

  11. #11
    Join Date
    Mar 2005
    Posts
    12
    Almost everything that mentioned in the arcticle is implimented but the mix mode .

    Ill try to make some test without it(NT only athentication)

    Can you post a demo sytax for the stored procidure you mentioned

    will be great .

    Many thanks for all your help .

  12. #12
    Join Date
    Mar 2005
    Posts
    12
    Notices another odd thing , by changing the mix to NT only it wont allow
    logins from operating systems that not login the sql domain .

    Very strange all those issues , may be fixed in sql2005 , LOL

  13. #13
    Join Date
    Mar 2005
    Posts
    12
    Another wird thing , by changing the sql service from the default localsystem to just a simple user it wont start the service , i did it exactly like micrososft suggested (from enterprise manager) too much crap with this system .

  14. #14
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    Quote Originally Posted by pilpelet
    Almost everything that mentioned in the arcticle is implimented but the mix mode .

    Ill try to make some test without it(NT only athentication)

    Can you post a demo sytax for the stored procidure you mentioned

    will be great .

    Many thanks for all your help .
    Try SQL books online in the SQL Server Programs folder. Busy today. sorry.
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Earnest Hemingway, A Farewell To Arms.

  15. #15
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    Quote Originally Posted by pilpelet
    Notices another odd thing , by changing the mix to NT only it wont allow
    logins from operating systems that not login the sql domain .

    Very strange all those issues , may be fixed in sql2005 , LOL
    this by design and kind of implied by the term NT authentication. it is intended to be the most secure configuration.
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Earnest Hemingway, A Farewell To Arms.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •