Hi,
I have a new instance of SQL Srver 2000 up and running on my computer. I'm trying to configure some accesses and permissions, and I'm haveing some questions which I would apprecciate some replies from you guys that know a bit more about security in SQL Server 2000.
I'm using Enterprise Manager for the job.
So the SQLS2K is completly clean. I have master/model/msdb/Northwind/pubs/tempdb databases defined.
I changed my Server Configuration Security to "SQL Server and Windows" so I can create some logins on SQLS2K.
I want to create a database, and give users only read/write access to tables of this new database. No more access to other databases or any sys tables on SQLS2K in general.
So I created a database named mytest, and created a simple table names table1. Then I went to "Server->Security->Logins" and added a "New Login" named it user1 and gave him a password.
Then I opened Query Analyser, logged in as user1 and had no access to the table I created. I added a role under "Server->Databases->mytest->Roles", named it my_role and on permissions I gave select/insert/update/delete only to the table table1. Then I added user under "Server->Databases->mytest->Users", gave him login name user1 (from combobox) and named it my_user, I didn't forgot to check the role my_role in "Permit in Database Role" list.
Then BANG ... I had access to table1. When trying to access sysindexes table I could SELECT it, but inserting a row would give me the error:
"Ad hoc updates to system catalogs are not enabled. The system administrator must reconfigure SQL Server to allow this."
Great, I can't mess with the system tables in this database. Still I can read them
.
Then I tried to use abother database ... I verified that I could log on to Northwind (for example) and could mess with the tables. I could access master and select system tables.
I could not enter model database, for instance, with the following error:
"Server user 'cruhle' is not a valid user in database 'model'."
Checking the Users settings, I found the following:
MASTER:
Name: dbo / Login:sa / Database Access: Permit
Name: guest / Loginno value) / Database Access: Permit
MODEL:
Name: dbo / Login:sa / Database Access: Permit
MSDB:
Name: dbo / Login:sa / Database Access: Permit
Name: guest / Loginno value) / Database Access: Permit
NORTHWIND:
Name: dbo / Login:sa / Database Access: Permit
Name: guest / Loginno value) / Database Access: Permit
PUBS:
Name: dbo / Login:sa / Database Access: Permit
Name: guest / Loginno value) / Database Access: Permit
TEMPDB:
Name: dbo / Login:sa / Database Access: Permit
Name: guest / Loginno value) / Database Access: Permit
MYTEST:
Name: dbo / Login:sa / Database Access: Permit
Name: my_user / Login:user1 / Database Access: Permit
So my question is:
Can I delete guest from every database? Will I have problems removing it from master, for example?
I have a new instance of SQL Srver 2000 up and running on my computer. I'm trying to configure some accesses and permissions, and I'm haveing some questions which I would apprecciate some replies from you guys that know a bit more about security in SQL Server 2000.
I'm using Enterprise Manager for the job.
So the SQLS2K is completly clean. I have master/model/msdb/Northwind/pubs/tempdb databases defined.
I changed my Server Configuration Security to "SQL Server and Windows" so I can create some logins on SQLS2K.
I want to create a database, and give users only read/write access to tables of this new database. No more access to other databases or any sys tables on SQLS2K in general.
So I created a database named mytest, and created a simple table names table1. Then I went to "Server->Security->Logins" and added a "New Login" named it user1 and gave him a password.
Then I opened Query Analyser, logged in as user1 and had no access to the table I created. I added a role under "Server->Databases->mytest->Roles", named it my_role and on permissions I gave select/insert/update/delete only to the table table1. Then I added user under "Server->Databases->mytest->Users", gave him login name user1 (from combobox) and named it my_user, I didn't forgot to check the role my_role in "Permit in Database Role" list.
Then BANG ... I had access to table1. When trying to access sysindexes table I could SELECT it, but inserting a row would give me the error:
"Ad hoc updates to system catalogs are not enabled. The system administrator must reconfigure SQL Server to allow this."
Great, I can't mess with the system tables in this database. Still I can read them
.Then I tried to use abother database ... I verified that I could log on to Northwind (for example) and could mess with the tables. I could access master and select system tables.
I could not enter model database, for instance, with the following error:
"Server user 'cruhle' is not a valid user in database 'model'."
Checking the Users settings, I found the following:
MASTER:
Name: dbo / Login:sa / Database Access: Permit
Name: guest / Login
no value) / Database Access: PermitMODEL:
Name: dbo / Login:sa / Database Access: Permit
MSDB:
Name: dbo / Login:sa / Database Access: Permit
Name: guest / Login
no value) / Database Access: PermitNORTHWIND:
Name: dbo / Login:sa / Database Access: Permit
Name: guest / Login
no value) / Database Access: PermitPUBS:
Name: dbo / Login:sa / Database Access: Permit
Name: guest / Login
no value) / Database Access: PermitTEMPDB:
Name: dbo / Login:sa / Database Access: Permit
Name: guest / Login
no value) / Database Access: PermitMYTEST:
Name: dbo / Login:sa / Database Access: Permit
Name: my_user / Login:user1 / Database Access: Permit
So my question is:
Can I delete guest from every database? Will I have problems removing it from master, for example?
Facebook
Twitter