Post reply

"Deny Connect SQL " does not work

  • May 13, 2015 at 5:01 pm

    #296965

    My code is

    Deny Connect SQL to [domainName\login1];

    Login1 is not a sysadmin;

    Then I tested with the following code.

    execute as login='domainName\login1'

    go

    select SYSTEM_USER

    go

    select * from master.sys.databases

    There is no permission error.

    What did I missed?

  • May 13, 2015 at 9:10 pm

    #1797742

    you didn't login with that user.

    execute as tests permissions on objects, it does not test whether they can login.

    you literally have to connect via windows, as that user, and see it gets rejected. for connect.

    its certain;y possible to create users without logins, or to have a disabled login, but usage of permissions on objects.

    for example, sa on my machine is disabled, but if i created a procedure with EXECUTE AS OWNER , the procedure would work, and use that permission.

    Lowell

    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply