March 24, 2015 at 9:19 pm
Comments posted to this topic are about the item Secure Checks
March 24, 2015 at 11:39 pm
Today's question included the statement regarding walking off "without Logging Off" and still the user should not be able to use the set of permissions then how come with SETUSER with NoRESET option is true ? In MSDN in NOTE it is clearly stated that "If SETUSER WITH NORESET is used, the database owner or system administrator must log off and then log on again to reestablish his or her own rights."
March 25, 2015 at 2:46 am
Nice question, thanks.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
March 25, 2015 at 2:52 am
This was removed by the editor as SPAM
March 25, 2015 at 4:34 am
Don't get too fond of SETUSER. It's been deprecated 😉
March 25, 2015 at 5:15 am
Nice question to get the brain cells moving. I prefer EXECUTE AS, so I don't use SETUSER.
March 25, 2015 at 6:31 am
sucheta.kothare (3/24/2015)
Today's question included the statement regarding walking off "without Logging Off" and still the user should not be able to use the set of permissions then how come with SETUSER with NoRESET option is true ? In MSDN in NOTE it is clearly stated that "If SETUSER WITH NORESET is used, the database owner or system administrator must log off and then log on again to reestablish his or her own rights."
I think the logon/logoff must happen if the administrator wants back in, but the requirements are just that the developer must be able to use the machine.
March 25, 2015 at 7:31 am
Brian.Klinect (3/25/2015)
sucheta.kothare (3/24/2015)
Today's question included the statement regarding walking off "without Logging Off" and still the user should not be able to use the set of permissions then how come with SETUSER with NoRESET option is true ? In MSDN in NOTE it is clearly stated that "If SETUSER WITH NORESET is used, the database owner or system administrator must log off and then log on again to reestablish his or her own rights."I think the logon/logoff must happen if the administrator wants back in, but the requirements are just that the developer must be able to use the machine.
I agree, saying that the sysadmin must log off to reestablish his (i.e. sysadmin) rights confirms the correctness of the answer.
March 25, 2015 at 8:28 am
Thanks! Great question.
- webrunner
-------------------
A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html
March 25, 2015 at 9:09 am
Nice question, thanks
March 25, 2015 at 9:22 am
Ed Wagner (3/25/2015)
Nice question to get the brain cells moving. I prefer EXECUTE AS, so I don't use SETUSER.
+1
Be still, and know that I am God - Psalm 46:10
March 25, 2015 at 9:23 am
SETUSER WITH NORESET doesn't prevent anything in SSMS.
After doing the SETUSER, the developer may not be able to do a SETUSER to revert back to sysadmin permisions, but he can right-click in the query window and select "Open server in object explorer". He would automatically get a new connection with sysadmin security context.
The question explicitly mention SSMS. Considering this, the answer should be that there is no way to prevent it.
March 25, 2015 at 2:04 pm
Nice straight fwd question. I scored 1 mark.
https://technet.microsoft.com/en-us/library/aa259240(v=sql.80).aspx
Thanks.
March 26, 2015 at 2:35 am
Ivanova (3/25/2015)
Don't get too fond of SETUSER. It's been deprecated 😉
It is still in production till version 2014; I am not using it anyway, but it`s not bad to learn somthin new 🙂
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
March 26, 2015 at 6:34 am
I don't switch around so don't use SETUSER. I just work on my own machine.
Viewing 15 posts - 1 through 15 (of 16 total)
You must be logged in to reply to this topic. Login to reply