Is it possible to remove "public" role for database user ?

  • Guys,

    SQL Server 2008 R2 with SP1

    Is it possible to remove "public" role for database user ?

    I am not able to uncheck it.. Please guide.

    Thanks in advance,

    Smith

  • no ;

    the public role is kind of like the "Everyone" group in Active directory;

    it's required for the system to work, everyone belongs to it. it cannot be removed.

    you can, hoever add or further restrict the public group's permissions, which is sometimes required for so remove public permissions in order to comply and lock down a SQL server to DoD standards (google Database Security Checklist for examples).

    In that ,we just don't care what breaks.,

    see this thread for an example:

    http://www.sqlservercentral.com/Forums/Topic845604-392-1.aspx#bm845742

    and take a look at this link for a more comprehensive script.

    http://blogs.technet.com/b/fort_sql/archive/2010/02/04/remove-public-and-guest-permissions.aspx

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • It may also be worth noting that public is a server role; in each database there is a guest account which you can deny CONNECT on the database if you absolutely don't want unauthorised server users accessing a particular database. Make sure you don't do this on the system databases though.

    This is mentioned in the second link, but just thought it would be good to make the distinction clear.

    Follow me on twitter @EvoDBACheck out my blog Natural Selection DBA[/url]

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply