Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Programming
 Another Security Question

Author  Topic 

someguy51
Starting Member

11 Posts

Posted - 2005-10-07 : 12:18:54
I read that you should make sure that the public group can't issue SELECT statements against system tables. My thought is that you shouldn't mess with the system tables as it could break SQL server. Has anyone tried this? If so, would you restrict access to the sytem tables only in user defined databases or in master, model, msdb and tempdb as well?

Sorry for all the questions...

Thanks,
Chris

X002548
Not Just a Number

15586 Posts

Posted - 2005-10-07 : 12:32:20
I only allow access to the database through stored procedures, so for me, this is not an issue.



Brett

8-)

Hint: Want your questions answered fast? Follow the direction in this link
http://weblogs.sqlteam.com/brettk/archive/2005/05/25/5276.aspx
Go to Top of Page

someguy51
Starting Member

11 Posts

Posted - 2005-10-07 : 12:56:16
Thanks for the reply Brett. I actually havn't added a user defined database yet. But when I do I want to do the same, only allow access through stored procedures. Is there an easy way to do that? Or do you have to write a script to "Revoke ..." on every table (including the system ones?) for your database and then add execute permissions to your stored procs on the users/groups after?

Thanks,
Chris
Go to Top of Page

jen
Master Smack Fu Yak Hacker

4110 Posts

Posted - 2005-10-07 : 23:13:54
just revoke permissions from the public role, actually,

you can set your model database this way so that everytime you create a new database, you don't need to repeat the procedure over again

when you start applying the permissions:

1. create the objects first
2. you can script out the granting of permissions by:

select 'grant execute on ' + routine_name + ' to userAccount'
from information_schema.routines where datediff(day,created,getdate())=0

this will script out the permission e.g. grant execute on objects you created for the day...

by default, there are no permissions on the table and the database roles do not have any members, unless you specified in your model database otherwise

HTH

--------------------
keeping it simple...
Go to Top of Page
   

- Advertisement -