Protections for master, model, and msdb

  • I am looking into offering SSMS to some users so they can perform operations on a database that they use frequently. So far their login has read only privileges on that database only and no server roles. When signed on as them, other user databases are listed but denied any access.

    However, the system databases master, model, and msdb allow themselves to display potential operations to be performed. I don't want to test all the operations for fear of causing issues (e.g. Restore or Import Data). At this point would there be protections in place to prevent the user from messing with the system databases, or should I be getting more granular with security?

  • If the users don't have rights, meaning a user mapped, in those databases, they can't do anything. You cannot hide these in SSMS, so you need to be sure there aren't rights granted.

    Also ensure Guest is not enabled in these databases.

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply