Results 1 to 12 of 12
  1. #1
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    1,941

    Unanswered: Permissions Question

    Now that my app has more than 3 users, I've decided I need to be a little more strict with security. I have security in place on the front end (Access), but now I want to use SQL Server security also.

    I set up a "test" table and didn't set up any permissions. I linked it to my Access app and was able to Select, Insert, Delete.
    I went back to SS and set all permissions for my account, the admin account, and the public account to DENY. Then I went back to my access db, refreshed the link, and was STILL able to Select, Insert, Delete.

    Did I miss something?
    Inspiration Through Fermentation

  2. #2
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    I need more details.

    how are you logging in? Windows Auth vs. SQL Server Login?
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Earnest Hemingway, A Farewell To Arms.

  3. #3
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    1,941
    Windows Auth
    Inspiration Through Fermentation

  4. #4
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    What is the role of the "Admin" account? sysadmin?
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Earnest Hemingway, A Farewell To Arms.

  5. #5
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    1,941
    dammit... you asked me a question I don't know the answer to.
    Now I have to call the Network security goon. That involves a
    "help desk" ticket. This might take a while....
    Inspiration Through Fermentation

  6. #6
    Join Date
    Nov 2004
    Location
    on the wrong server
    Posts
    8,835
    Provided Answers: 6
    I was inquiring about the sql server role.
    “If one brings so much courage to this world the world has to kill them or break them, so of course it kills them. The world breaks every one and afterward many are strong at the broken places. But those that will not break it kills. It kills the very good and the very gentle and the very brave impartially. If you are none of these you can be sure it will kill you too but there will be no special hurry.” Earnest Hemingway, A Farewell To Arms.

  7. #7
    Join Date
    Jan 2003
    Location
    Massachusetts
    Posts
    5,800
    Provided Answers: 11
    You are likely logging in as the sysadmin, or at least DBO (Database Owner). Log into the database with Query Analyzer, and run the following:
    Code:
    select user_name()

  8. #8
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    1,941
    I don't know if this is the answer or not, but here's what I found:

    If I go to Security->Server Roles and look at the properties for System Administrators I see the Administrator account, along with my individual account (among others)
    Inspiration Through Fermentation

  9. #9
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    1,941
    Quote Originally Posted by MCrowley
    You are likely logging in as the sysadmin, or at least DBO (Database Owner). Log into the database with Query Analyzer, and run the following:
    Code:
    select user_name()

    dbo

    but wouldn't my front end use my windows login?
    Inspiration Through Fermentation

  10. #10
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    1,941
    I think I stumbled into the answer. I went to someone elses computer, and
    was NOT able to do anything but view the data. If I changed the permissions (from my PC), then I could make changes to the data from the other PC.

    So I'm guessing since my Windows "name" is the DBO role on SQL, I always have full access to the data - even if I explicitly set my permission on the table to deny?
    Inspiration Through Fermentation

  11. #11
    Join Date
    Jan 2003
    Location
    Massachusetts
    Posts
    5,800
    Provided Answers: 11
    That is correct. Keep that up, and you might have to change your title.

  12. #12
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Provided Answers: 54
    The server sysadmin role becomes dbo in any database on the server. You can't change that.

    SQL Server never checks permissions for dbo/db_owner, so for members of those groups no permissions in the database matter.

    -PatP

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •