December 10, 2002 at 6:36 pm
The public role has SELECT privileges on many database system tables. From a security standpoint this seems a little risky. My questions are:
1) Does anyone have any references that provide guidelines for changing these privileges?
2) Are there any select privileges that should be removed to improve security, and what is the impact on the role's or associated user's behavior?
Thanks,
Michael
December 10, 2002 at 7:10 pm
Public has to have rights to most of the information it hits for connections to work. If you are concerned with security, check out the checklist at http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=3&tabid=4
I see you are already familiar with their discussion board.
I do believe there are a few system stored procedures pointed out on the checklist that are able to be hit by public users that make it worth looking at.
December 10, 2002 at 11:31 pm
I've experimented quite heavily with the system tables and permissions but don't have anything ready as of right now. Suffice it to say that when you start locking down system tables you start breaking things like ODBC that you wouldn't expect to break. Case in point: revoke Public's SELECT rights to sysdatabases on a test box and try and create an Access project to that SQL Server.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
December 11, 2002 at 11:05 am
Don't use Access!!!!!!!
Actually, some of the access is needed for metadata for access methods as BKelley mentioned. The only table I've locked down is syscomments.
Steve Jones
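The test-box check described in the replies above, as an added example that is not part of any poster's reply. It assumes a SQL Server 2000-era instance, where the `sysprotects`, `sysobjects` and `sysusers` system tables hold permission metadata, and a disposable test server.

```sql
-- Added example. Assumption: SQL Server 2000 system tables; run on a test box only.
USE master;

-- 1. Inventory what public currently holds on system tables, so every
--    change can be compared against (and restored to) this baseline.
SELECT  o.name AS object_name,
        CASE p.action
            WHEN 26  THEN 'REFERENCES'
            WHEN 193 THEN 'SELECT'
            WHEN 195 THEN 'INSERT'
            WHEN 196 THEN 'DELETE'
            WHEN 197 THEN 'UPDATE'
            WHEN 224 THEN 'EXECUTE'
            ELSE CAST(p.action AS varchar(10))
        END AS permission,
        CASE p.protecttype
            WHEN 204 THEN 'GRANT WITH GRANT OPTION'
            WHEN 205 THEN 'GRANT'
            WHEN 206 THEN 'DENY'
        END AS state
FROM    sysprotects p
JOIN    sysobjects  o ON o.id  = p.id
JOIN    sysusers    u ON u.uid = p.uid
WHERE   u.name  = 'public'
  AND   o.xtype = 'S'              -- system tables only
ORDER BY o.name, p.action;

-- 2. Apply one change at a time (the sysdatabases case from the thread).
REVOKE SELECT ON sysdatabases FROM public;

-- 3. Connect as a low-privileged login through each client stack in use
--    (ODBC, an Access project, application connection strings) and record
--    what fails before deciding whether the revoke is acceptable.

-- 4. Restore the baseline if anything required breaks.
GRANT SELECT ON sysdatabases TO public;
```

Re-running the inventory query after step 4 should return the same rows as the baseline.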