Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 SQL Server Administration (2000)
 security issue(urgent)

Author  Topic 

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 16:20:39
Gurus
I am having a serious ecurity issue on my server.
what i did was i created a Db and made a login and user for that DB with exec sp_addlogin 'login','pwd','defdb'
and exec sp_adduser
now when i connect to this db using query analyer i am able to connect to three more databases on my server and i can see there data.i have delted the login and user and tested but same problem.
What can be the reasons.Please help
Regards
Nitin

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2006-05-08 : 16:23:23
They probably belong to a domain group that has privileges to the other databases.

Tara Kizer
aka tduggan
Go to Top of Page

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 16:29:27
Hi
i couldnt get you properly.can you please let me know in detail where do i check all this.
Regards
Nitin
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2006-05-08 : 16:33:58
You would have to check with your server admins to see which groups a particular user is a member of. They would check this in the Active Directory.

Tara Kizer
aka tduggan
Go to Top of Page

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 17:16:03
Tara
But everytime i create a new db the user automatically gets rights on the 3 other dbs.Why the user is getting the right on these 3 specific dbs.
Regards
Nitin
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2006-05-08 : 17:18:52
I already gave you a possible answer.

Tara Kizer
aka tduggan
Go to Top of Page

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 18:28:28
Hi
You mean to say that whenever i create a new login it becomes member of a particular group in the domain and that group has got roghts over the Db.
right?

Regards
Nitin
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2006-05-08 : 18:30:32
No. A user can be a member of a group in the domain. If that group has access to any of your databases, then that user will also have access to those databases. So are there any domain groups that have access to these other databases?

Tara Kizer
aka tduggan
Go to Top of Page

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 18:40:23
A user can be a member of a group in the domain==>>a user here means the login which i create in sql server?

regards
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2006-05-08 : 18:43:52
Are these SQL accounts or Windows accounts that you are adding?

Tara Kizer
aka tduggan
Go to Top of Page

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 18:46:15
hi
i am adding a login with exec sp_addlogin and then by exec sp_adduser..

Regards
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2006-05-08 : 18:50:05
Have you looked at the guest account?

Tara Kizer
aka tduggan
Go to Top of Page

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 18:53:26
Have you looked at the guest account==??
Could nt get you..?
regards
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2006-05-08 : 19:00:18
Check out guest users in SQL Server Books Online.

Tara Kizer
aka tduggan
Go to Top of Page

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 19:03:47
no this is nt guest account.it cant be
i am assigning default db and i am exec sp_adduse in the db .

regards
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2006-05-08 : 19:15:42
Did you even read the guest users article in SQL Server Books Online?

Just because you are assigning a default database and using sp_adduser doesn't mean that it isn't the guest account giving this user access to your other databases.

Tara Kizer
aka tduggan
Go to Top of Page

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 19:18:05
yes i did tara
it says"The guest user account allows a login without a user account to access a database."
but does this apply to my case.
Regards
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2006-05-08 : 19:23:03
How do you know this is not the case? You stated that your user does not have access to the other database. Correct? That's the whole point of the guest account!

Tara Kizer
aka tduggan
Go to Top of Page

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 19:25:26
tara
i said that whenever i create a acount it gets access to 3 specific other user databases databases also other than its default db.

Regards
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2006-05-08 : 19:27:24
Yes I realize that. And that's why the guest account could be the problem here.

Tara Kizer
aka tduggan
Go to Top of Page

nitin1353
Constraint Violating Yak Guru

381 Posts
Posted - 2006-05-08 : 19:27:27
okay tara
you tell me what all should i check.
i will go step by step.Please

Regards
Go to Top of Page
    Next Page

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site