Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
Author |
Topic |
hismightiness
Posting Yak Master
164 Posts |
Posted - 2005-04-20 : 16:39:26
|
Why is it that any user I add to my SQL Server (2000) can see the system databases and query them by default (master, model, etc)? Are they supposed to? If they are not supposed to, what would the proper way be to deny them from seeing them without messing up the server?- - - -- Will -- - - -http://www.servicerank.com/ |
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2005-04-20 : 18:28:49
|
First, don't let them use Enterprise Manager. If they're not an admin, they don't need it and shouldn't be using it. There is a setting under Edit Registration Properties to show/hide system tables and databases, but the user can change it at any time.If you want to prevent the users from making changes, add their user account(s) to the db_denydatawriter role, and/or explicitly DENY permissions to tables, views, etc. Books Online has more details under "DENY" and "roles". |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2005-04-20 : 23:59:23
|
they can query because of the guest account, you can't remove it from tempdb and master, but you can restrict the permissions to nothing if you like--------------------keeping it simple... |
|
|
|
|
|