Trying to Add User with Access to One Stored Procedure

  • I am trying to add a user in SQL 2000. I only want them to be able to execute one stored procedure in one database. My problem is that the new user can also see the system databases and the SQL logins. Not only that, but they are able to make modifications to the aforementioned areas. What am I missing to clamp it down to where I want it? I am using GUI, but I will be happy to use a T-SQL solution.

    Thanks.

    Steve

  • it sounds like the user in question has a LOGIN which was granted sysadmin privileges.

    i don't have QA available for SQL2000 anymore, but you can go to the properties of the login and uncheck a checkbox to remove that over-reaching privilege.

    once that is done, the regular permissions you've added will apply as expected.

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • I have all of the server roles unchecked. All tables have public checked and it won't let me uncheck them. I can't seem to find a property that is enabled giving this user sysadmin type access. Is there something I am missing? I will be glad to provide pictures if needed.

    Thanks.

  • it might not be obvious;

    for example, if it's a windows account, ie mydomain\lowell has too much access, it's probably because i'm in a windows group

    that has direct or implied access

    SQL 2000 still uses the Builtin\Administrators group, so it might be the user is a local admin on the box, which auto-magically grants sysadmin..

    it might be a domain group.

    you can check that with an extended stored procedure:

    modify either of these commands to check a specific user, or a group:

    EXEC master..xp_logininfo @acctname = 'mydomain\lowell',@option = 'all' -- Show all paths a user gets his auth from

    EXEC master..xp_logininfo @acctname = 'mydomain\authenticatedusers',@option = 'members' -- show group members

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • My apologies for not mentioning that this is an SQL authentication account, not a Windows account.

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply