May 17, 2013 at 5:13 am
Guys,
SQL Server 2008 R2 with SP1
Is it possible to remove "public" role for database user ?
I am not able to uncheck it.. Please guide.
Thanks in advance,
Smith
May 17, 2013 at 5:35 am
no ;
the public role is kind of like the "Everyone" group in Active directory;
it's required for the system to work, everyone belongs to it. it cannot be removed.
you can, hoever add or further restrict the public group's permissions, which is sometimes required for so remove public permissions in order to comply and lock down a SQL server to DoD standards (google Database Security Checklist for examples).
In that ,we just don't care what breaks.,
see this thread for an example:
http://www.sqlservercentral.com/Forums/Topic845604-392-1.aspx#bm845742
and take a look at this link for a more comprehensive script.
http://blogs.technet.com/b/fort_sql/archive/2010/02/04/remove-public-and-guest-permissions.aspx
Lowell
May 17, 2013 at 9:53 am
It may also be worth noting that public is a server role; in each database there is a guest account which you can deny CONNECT on the database if you absolutely don't want unauthorised server users accessing a particular database. Make sure you don't do this on the system databases though.
This is mentioned in the second link, but just thought it would be good to make the distinction clear.
Follow me on twitter @EvoDBACheck out my blog Natural Selection DBA[/url]
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply