Secure Checks

  • Comments posted to this topic are about the item Secure Checks

  • Today's question included the statement regarding walking off "without Logging Off", and still the user should not be able to use the set of permissions; then how come the SETUSER with NoRESET option is true? In MSDN, in the NOTE, it is clearly stated that "If SETUSER WITH NORESET is used, the database owner or system administrator must log off and then log on again to reestablish his or her own rights."

  • Nice question, thanks.

    Need an answer? No, you need a question
    My blog at https://sqlkover.com.
    MCSE Business Intelligence - Microsoft Data Platform MVP

  • Don't get too fond of SETUSER. It's been deprecated 😉

  • Nice question to get the brain cells moving. I prefer EXECUTE AS, so I don't use SETUSER.

  • sucheta.kothare (3/24/2015)


    Today's question included the statement regarding walking off "without Logging Off", and still the user should not be able to use the set of permissions; then how come the SETUSER with NoRESET option is true? In MSDN, in the NOTE, it is clearly stated that "If SETUSER WITH NORESET is used, the database owner or system administrator must log off and then log on again to reestablish his or her own rights."

    I think the logon/logoff must happen if the administrator wants back in, but the requirements are just that the developer must be able to use the machine.

  • Brian.Klinect (3/25/2015)


    sucheta.kothare (3/24/2015)


    Today's question included the statement regarding walking off "without Logging Off", and still the user should not be able to use the set of permissions; then how come the SETUSER with NoRESET option is true? In MSDN, in the NOTE, it is clearly stated that "If SETUSER WITH NORESET is used, the database owner or system administrator must log off and then log on again to reestablish his or her own rights."

    I think the logon/logoff must happen if the administrator wants back in, but the requirements are just that the developer must be able to use the machine.

    I agree, saying that the sysadmin must log off to reestablish his (i.e. sysadmin) rights confirms the correctness of the answer.

  • Thanks! Great question.

    - webrunner

    -------------------
    A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
    Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html

  • Nice question, thanks

  • Ed Wagner (3/25/2015)


    Nice question to get the brain cells moving. I prefer EXECUTE AS, so I don't use SETUSER.

    +1

    Be still, and know that I am God - Psalm 46:10

  • SETUSER WITH NORESET doesn't prevent anything in SSMS.

    After doing the SETUSER, the developer may not be able to do a SETUSER to revert back to sysadmin permissions, but he can right-click in the query window and select "Open server in object explorer". He would automatically get a new connection with sysadmin security context.

    The question explicitly mentions SSMS. Considering this, the answer should be that there is no way to prevent it.

  • Nice straight fwd question. I scored 1 mark.

    https://technet.microsoft.com/en-us/library/aa259240(v=sql.80).aspx

    Thanks.

  • Ivanova (3/25/2015)


    Don't get too fond of SETUSER. It's been deprecated 😉

    It is still in production till version 2014; I am not using it anyway, but it's not bad to learn something new 🙂

    Thanks & Best Regards,
    Hany Helmy
    SQL Server Database Consultant

  • I don't switch around so don't use SETUSER. I just work on my own machine.
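
The one-way context switch discussed in this thread, written with EXECUTE AS ... WITH NO REVERT (the form several posters prefer over the deprecated SETUSER), as an added example that is not part of any post. The user demo_dev is hypothetical; the script assumes a sysadmin login in a scratch database on a test instance.

```sql
-- Added example (not from the thread). demo_dev is a hypothetical,
-- constructed principal; run as a sysadmin in a scratch database.
CREATE USER demo_dev WITHOUT LOGIN;
GO

-- 1. Baseline: who the session is and what it can do before the switch.
SELECT ORIGINAL_LOGIN()                                AS original_login,
       SUSER_SNAME()                                   AS current_login,
       USER_NAME()                                     AS current_db_user,
       IS_SRVROLEMEMBER('sysadmin')                    AS is_sysadmin,
       HAS_PERMS_BY_NAME(NULL, NULL, 'CONTROL SERVER') AS has_control_server;
GO

-- 2. One-way switch before handing the session over.
--    The deprecated form debated in the thread is
--    SETUSER '<user>' WITH NORESET.
EXECUTE AS USER = 'demo_dev' WITH NO REVERT;
GO

-- 3. Same check again: the permission columns now describe demo_dev,
--    while ORIGINAL_LOGIN() still records who opened the connection,
--    which keeps the hand-over visible to auditing.
SELECT ORIGINAL_LOGIN()                                AS original_login,
       SUSER_SNAME()                                   AS current_login,
       USER_NAME()                                     AS current_db_user,
       IS_SRVROLEMEMBER('sysadmin')                    AS is_sysadmin,
       HAS_PERMS_BY_NAME(NULL, NULL, 'CONTROL SERVER') AS has_control_server;
GO

-- 4. Try to step back. With NO REVERT in effect this batch raises an
--    error and the context does not change.
REVERT;
GO

-- 5. Confirm the session is still running as demo_dev.
SELECT USER_NAME() AS current_db_user_after_revert_attempt;
GO

-- Cleanup has to happen from a new connection opened by the
-- administrator, because this session cannot return to its
-- original context:
--   DROP USER demo_dev;
```

The switch applies to this one session only, which is the point raised in the thread about opening a new connection from SSMS.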
