Results 1 to 8 of 8
  1. #1
    Join Date
    Jun 2003
    Posts
    5

    Unanswered: deny permission help

    Hello,

    I am using sql server 7.0, I want to deny permission to certain extended procedures in the master database to all the dbowners of other databases. Please tell me the syntax of the command with example.

    koolnyze

  2. #2
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Make sure the dbo accounts don't have explicit access to your master database (the dbo in master is not necessarily the same as the dbo in the other databases). Then deny permission to the guest user role in master for whatever procedures you want to disallow.

    Since you are making a change in your master database, be sure to back it up!

    blindman

  3. #3
    Join Date
    Jun 2003
    Posts
    5
    Hi,

    I want to deny the permission to dbowners for getting the directory list when they click on the backup destination for taking backups. I have denied execute pemission to guest and public for xp_availablemedia but still the dbowners are able to get the directory list. Can you please suggest how to achieve this?

    Koolnyze

  4. #4
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Microsoft's support webset (http://support.microsoft.com/default...b;en-us;323249) had this to say:

    "Only members of the SQL Server system administrators role (sysadmin) can view the directory structure and select local backup files. "

    Try going into the SQL Server Security/Logins folder in Enterprise Manager. Right click on the login, select Properties, and go to the Server Roles tab to make sure that the login is not a member of the system administrators server role.

    I didn't try this, so let me know if it works!

    blindman

  5. #5
    Join Date
    Jun 2003
    Posts
    5
    "Try going into the SQL Server Security/Logins folder in Enterprise Manager. Right click on the login, select Properties, and go to the Server Roles tab to make sure that the login is not a member of the system administrators server role."

    I checked it and the login does not have any role selected. The login has been made dbowner of one database only and cannot access any other database. Still the login is able to browse the directory tree. Any other seggestions.

    koolnyze

  6. #6
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Jeez, I'm running out of ideas.

    What about looking at the server roles themselves (System Administrators and maybe Disk Administrators) to see who IS a member? Perhaps your users have administrative access through their network login account?

    Sorry I can't be of more help, but this is getting into an area where I have less expertise. A network administrator might be able to help you out.

    blindman

  7. #7
    Join Date
    Jun 2003
    Posts
    5
    I have thoroughly checked but everything seems fine. It seems that something else also needs to be done before the permission to deny the view of directory tree will be effected.

    Thanks for your help

    koolnyze

  8. #8
    Join Date
    Jun 2003
    Posts
    5
    Hi,

    Only denying permission to xp_availablemedia doesn't work. When I denied permission to xp_fixeddrives also, it started working.

    koolnyze

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •