Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
someguy51
Starting Member
11 Posts |
Posted - 2005-10-07 : 12:18:54
|
| I read that you should make sure that the public group can't issue SELECT statements against system tables. My thought is that you shouldn't mess with the system tables as it could break SQL server. Has anyone tried this? If so, would you restrict access to the sytem tables only in user defined databases or in master, model, msdb and tempdb as well?Sorry for all the questions...Thanks,Chris |
|
|
X002548
Not Just a Number
15586 Posts |
|
|
someguy51
Starting Member
11 Posts |
Posted - 2005-10-07 : 12:56:16
|
| Thanks for the reply Brett. I actually havn't added a user defined database yet. But when I do I want to do the same, only allow access through stored procedures. Is there an easy way to do that? Or do you have to write a script to "Revoke ..." on every table (including the system ones?) for your database and then add execute permissions to your stored procs on the users/groups after?Thanks,Chris |
 |
|
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2005-10-07 : 23:13:54
|
just revoke permissions from the public role, actually,you can set your model database this way so that everytime you create a new database, you don't need to repeat the procedure over againwhen you start applying the permissions:1. create the objects first2. you can script out the granting of permissions by:select 'grant execute on ' + routine_name + ' to userAccount' from information_schema.routines where datediff(day,created,getdate())=0this will script out the permission e.g. grant execute on objects you created for the day...by default, there are no permissions on the table and the database roles do not have any members, unless you specified in your model database otherwiseHTH --------------------keeping it simple... |
 |
|
|
|
|
|
|
|