October 26, 2007 at 2:42 pm
Hello All,
I am trying to revoke some permissions (actually revoked) as it was recommended by AppDetective after PCI Audit from public account. And now I have a problem with the regular account creating the ODBC connection from any new computer. All existing are working fine and I could create the ODBC connection if logged in as sql administrator.
Now I returned all permissions that were revoked to our specific group (not to public) and I can create the ODBC connection. But it is not resolving the probem if I need to revoke all dangerous permissions from regular accounts.
Question: Which store proc/table/database should have EXECUTE/SELECT permissions to create ODBC connection to the database that the user has the permissions to connect?
I could list all permissions that I revoked but it is more than 1000. instead of trying to turn on and off each of them, maybe you could help me if you know which permissions should be enabled??
Thank you for any info 🙂
November 7, 2007 at 6:42 pm
The login needs to have the connect right. There is no execute stored procedure needed to create the connection. It just needs the ability to connect, a user mapping in the database, or the guest account enabled.
November 7, 2007 at 8:46 pm
Nope, the user group had access to the database and had public group rights and data reader/writer for the database. I revoked permissions from public group for some store procedures in master database and lost the ability to create the new ODBC connections (existing ones were still working). I assigned revoked permissions to this specific group instead of public and received my new connections back. So I assume some procedures should have execute rights.
September 16, 2011 at 9:44 am
Hi,
What permissions did you have to grant back to create new OBDC connections?
I am having this issue.
Existing ODBC connections are working - but creating new ones will not allow connection to the database.
I have recently revoked permissions from PUBLIC as part of vulnerability management as recommended by App Detective.
Thanks,
HJ
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply