April 4, 2012 at 7:29 am
Hi,
How to access metadata information from sysobjects table through a non admin user, but without granting view any definition rights?
Thanks
Vijay
April 4, 2012 at 7:32 am
The answer is grant view definition to that user. Why is that not an option here?
p.s. sysobjects is deprecated, should not be used any longer, included only for backward compatibility with SQL 2000. Use sys.objects.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
April 4, 2012 at 7:36 am
Hi,
OK i can also prefer sys.objects, But situation is this, the user should not be given with the grant view any definition permission, but he needs to access the sys.objects information. Is there any workaround for this case?
Thanks for replies
April 4, 2012 at 7:38 am
GilaMonster (4/4/2012)
The answer is grant view definition to that user. Why is that not an option here?p.s. sysobjects is deprecated, should not be used any longer, included only for backward compatibility with SQL 2000. Use sys.objects.
would GRANT SELECT ON sys.objects TO UserBob be the way to go. or does grant select not work on the sys. items
For performance Issues see how we like them posted here: How to Post Performance Problems - Gail Shaw[/url]
Need to Split some strings? Jeff Moden's DelimitedSplit8K[/url]
Jeff Moden's Cross tab and Pivots Part 1[/url]
Jeff Moden's Cross tab and Pivots Part 2[/url]
April 4, 2012 at 7:49 am
capn.hector (4/4/2012)
GilaMonster (4/4/2012)
The answer is grant view definition to that user. Why is that not an option here?p.s. sysobjects is deprecated, should not be used any longer, included only for backward compatibility with SQL 2000. Use sys.objects.
would GRANT SELECT ON sys.objects TO UserBob be the way to go. or does grant select not work on the sys. items
It's not that he can't query sys.objects, that anyone can do. However it will only show objects that the user has some permission on.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
April 4, 2012 at 7:50 am
Ok, what must the user be allowed to do and what must the user not be allowed to do?
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
April 4, 2012 at 7:50 am
sys.objects is a view which is filtered on the database_principals permissions.
rows of data may exist for an admin which will not be visible to that user; simple enough to prove:
create user [ClarkKent] without login
Execute As USER= 'ClarkKent'
select user_name() --I'm Clark Kent
select * from sys.objects --nothing there! if he can see anything, it's because someone granted to PUBLIC!
REVERT; --change back to superman
drop user [ClarkKent]
the end user has access to sys.objects, but can only see the objects he has access to...not ALL objects that exist.
the only solution is to put the user in a role that grants all the permissions...VIEW DEFINITION is best, as Gail said...a crappy alternative would be db_datareader.
Lowell
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply