November 6, 2007 at 2:14 pm
SQL 2000, SP4, transaction replication. Views are created named SYNC_* and select the columns in the tables that are being replicated. It appears PUBLIC role is granted select access to the SYNC_* views. Just looking at the security configuration on these views in enterprise manager make it appear as if this is a HUGE security issue. But, although the views have been granted select to Public, it looks like the result set is filtered somehow and users without admin rights do not get any data back when they select against it.
Can anyone shed some light on how this security works?
November 8, 2007 at 6:44 am
OK, no response so far. So let me rephrase the question.
Does anyone else also see this behavior in the SYNC_ views created for replication.
November 9, 2007 at 5:19 am
It surprises me too.
In the definitions where-clause of the view is
where permissions(831458882) & 1 = 1
Still have to decipher that.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply