Post reply

PUBLIC access to MASTER DB

  • October 13, 2005 at 1:47 pm

    #166465

    I created a Custom DB Role in our production DB and added a user to this role. This user has select access to only a few tables in our DB from that role and is not a memeber of any other Role. I have logged on as him via EM to test his permissions and I noticed he can access some Master DB Tables. Is there a good article on the list of tables that have PUBLIC access (if thats what it is) in the Master DB? and why users need to be allowed to view that data? TIA!

  • October 14, 2005 at 6:03 am

    #597314

    The Public role that every login has read rights to all tables in master; you cannot remove the public role from master either,as i remember.

    brian kelly cited some specific resources here; he explained that in order to achieve c2 certification, public was givien access to a number of resources:

    http://www.sqlservercentral.com/forums/shwmessage.aspx?forumid=6&messageid=170299

    and here is his white paper he wrote on the specifics:

    http://www.sans.org/rr/whitepapers/application/1273.php

    hope that helps

    Lowell

    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • October 14, 2005 at 6:25 am

    #597321

    Great, thanks for the response Lowell. I'll check out the links!!!!

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply