June 29, 2002 at 10:14 pm
Hi,
I want to know whether it is correct to drop Guest Login from MasterDB Users (Ofcourse It is just member of Public Role).
Any suggestions will be appriciated.
SaNaZ
July 1, 2002 at 9:14 am
Should be fine. If you need to grant permissions to everyone, you will need to reenable it.
Steve Jones
July 1, 2002 at 12:37 pm
WHoops. Missed that. Disable the account then.
Steve Jones
July 2, 2002 at 5:17 am
Hi,
Tanx for all reply 🙂
SaNaZ
July 13, 2002 at 6:17 am
I'm busy doing an inhouse security doc and I have a question regarding the guest account. When I click on the guest login account it shows the guest user as having databases access to some of my custom db's. When I try remove (untick) access, I get "The name guest was not found in the users collection . . ." So I tried doing a sp_grantdbaccess and then a sp_dropuser, after which it says "user has been dropped" but if I do a query on sysusers it's still there. MS says "by default the guest account does not have access to model and therefore the guest user does not have access to any of the new databases. This does not seem the case, any ideas how I can remove guest from my db's?.
July 13, 2002 at 7:32 am
The guest account, like dbo, will be in sysusers because it is a special account. However, even though the entry is in sysusers, the guest account doesn't necessarily have access. SQL Server takes some additional measures with respect to the "guest" user. Here are some code excerpts which show it's supposed to be in sysusers:
From sp_grantdbaccess:
-- CHECK FOR SPECIAL USER GUEST --
if @name_in_db = 'guest'
begin
-- ERROR IF NOT USER, OR ALREADY ADDED --
if @loginame <> 'guest'
begin
raiserror(15062,-1,-1)
return(1)
end
if exists (select * from sysusers where hasdbaccess = 1 and name = 'guest')
begin
raiserror(15023,-1,-1,'guest')
return (1)
end
-- ENABLE USER GUEST --
update sysusers set status = (status & ~1) | 2, updatedate = getdate()
where name = 'guest'
return (0)
end
From sp_revokedbaccess:
-- DROP USER: SPECIAL HANDLING FOR GUEST (REMOVE HASDBACCESS) --
if lower(@name_in_db) = 'guest'
update sysusers set status = status & ~2, updatedate = getdate()
where uid = user_id('guest')
K. Brian Kelley
http://www.sqlservercentral.com/columnists/bkelley/
K. Brian Kelley
@kbriankelley
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply