April 11, 2008 at 6:52 am
I am trying to provide "least privileges" to the users and tried the "REVOKE VIEW ANY DATABASE FROM public" yesterday on the development server.
It does partly what I intended, i.e., users cannot see any databases except for MASTER and TEMPDB (which is still too much, but much better than before).
However, I do need the Users to see their DEFAULT DATABASE, otherwise their applications cannot select the DEFAULT database for data inserts.
Does anyone have any suggestions? Or do I need to "GRANT VIEW ANY DATABASE TO public" and just live with the Users seeing all of the databases but only having access to their own database (i.e., if the select a different database they get the error "The database ------ is not accessible")?
Thanks! 🙂
Argue for your limitations, and sure enough they're yours (Richard Bach, Illusions)
April 12, 2008 at 12:39 am
Unfortunately, I do believe you're going to have to live with granting VIEW ANY DATABASE.
K. Brian Kelley
@kbriankelley
April 19, 2008 at 5:13 pm
Have a look at this thread.
http://duartes.org/gustavo/articles/Lock-Down-SQL-Server-2005.aspx
Let me know if you implement anything i would like to do this too.
Just not got around to this yet.
(When adding new database the guest user comes in - should you just delete this user guest from the database under security logins for each database)?
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply