Post reply

public role revoke permissions

  • October 10, 2011 at 7:17 pm

    #244351

    Hi All,

    Is that a good way to revoke permissions from PUBLIC role?

    If i do that , what are the side affects am going to have ?

    Any reference links would be a great help.

    Thanks in Advance.

  • October 11, 2011 at 1:31 pm

    #1393121

    What are you trying to do? What are you worried about the public role having permissions to do that you want to take away?

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • October 11, 2011 at 2:48 pm

    #1393163

    there's a number of threads here on SSC where the requirement is to remove public permissions in order to comply and lock down a SQL server to DoD standards (google Database Security Checklist for examples).

    In that ,we just don't care what breaks.

    see this thread for an example:

    http://www.sqlservercentral.com/Forums/Topic845604-392-1.aspx#bm845742

    Lowell

    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • October 12, 2011 at 7:45 am

    #1393441

    Be aware that revoking Public access to all objects may break SQL Server and take you outside of Microsoft support.

    The DoD documentation makes it clear that you should not just revoke access rights to Public, you must have an alternative custom role that you should use instead of Public to contain these rights. It also makes clear that not all rights should be revoked from Public - you should only revoke those rights where revocation is supported by Microsoft and document the remaining use of Public.

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara

  • October 13, 2011 at 2:22 am

    #1393858

    Basically as per security policies , we need to remove the EXECUTE permisisons on all extended stored proc's which is causing problems. I want to know what are the affects of it.

    Do we have any links to explain the same??

  • October 13, 2011 at 2:23 am

    #1393859

    Basically i do not want to revoke permissions from public but i need a strong documentation or reference llinks that explains breaking of functionallity or other specifc issues after revoking !!!!

  • October 14, 2011 at 8:09 pm

    #1394896

    This post seems relevant to your situation: http://blogs.technet.com/b/fort_sql/archive/2010/02/04/remove-public-and-guest-permissions.aspx

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply