June 6, 2006 at 10:30 am
Hey Guys,
Some Help needed. I tried assign deny permission to one of the users in the database, the user is still able to access the specific table that i denied.
The Deny was for select, insert, update.
If anyone of you guyz could throw some lite, would really appreciate it.
Thank you
June 6, 2006 at 10:43 am
Can you give some more information about the user & his exesting access to db?
Give the command as well which you are executing to deny access to the user.
------------
Prakash Sawant
http://psawant.blogspot.com
June 6, 2006 at 10:44 am
could it be the user was denied access to the table, but has execute permissions on a stored proc that actually does the insert of the data?
Lowell
June 6, 2006 at 10:56 am
I used the command
DENY SELECT, INSERT, UPDATE ON TABLENAME TO USERNAME
The Deny permission doesnt work at all, i mean the user is able to select the requested data, apart from insert and update. And there are no stored procedures which does the insert too
I tried using the sp_helprotect command to view the privileges where it shows as follows:
Owner Object Grantee Grantor Protecttype Action Column
dbo temptable13 username dbo Deny Select (All+New)
But Still the user is able to access the data from the table.
June 6, 2006 at 12:04 pm
Is it possible the user is part of the db_datareader group for this database? Or, is in a role that has been granted SELECT permission on the table?
Mark
June 6, 2006 at 12:07 pm
Do you also use ROLES? See if the user is a member of a role. For example: John Doe is a user, but is also a member of the HR Group role. Maybe they have permissions via the role.
Do they have DB_owner privileges?
Do you get any error message when you try to DENY them?
-SQLBill
June 6, 2006 at 12:34 pm
Nope there are no roles granting access to the user, infact there s a deny on the user, evenso it still doesnt work. Th user is not in the db_owner privileges.
I dont get any error message. When i use the command sp_protect it shows as the user being denied but when user queries the data he is still able to do it.
June 6, 2006 at 3:24 pm
What about server roles? Is the login that the user is mapped to a member of sysadmins?
Greg
Greg
June 6, 2006 at 3:31 pm
Nope, the user is not a member of server roles. I made sure of that.
June 6, 2006 at 3:35 pm
By sysadmins did u mean securityadmin which is one of the server roles?
June 6, 2006 at 3:48 pm
No, I meant the System Administrators server role. My thought was if someone is a member of sysadmin, he/she has permission to do anything in the instance regardless of permissions in a database.
Greg
Greg
June 7, 2006 at 6:33 am
Is the person an admin on the local box or domain? If so, they fall under the BUILTIN/Administrators login in SQL Server.
-SQLBill
June 7, 2006 at 7:54 am
Yeah, the user is not a member of the sysadmin server role.
The person is admin on the local box for his instance of sql server but not on the domain.
June 7, 2006 at 11:56 am
The person is admin on the local box for his instance of sql server [end quote]
If he/she is a local admin on the server that hosts the SQL Server, then they are a sys admin for SQL Server. (by way of BUILTIN/Administrators).
-SQLBill
Viewing 14 posts - 1 through 13 (of 13 total)
You must be logged in to reply to this topic. Login to reply