Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Programming
 Create Login...

Author  Topic 

ZarrinPour
Yak Posting Veteran

66 Posts
Posted - 2008-01-21 : 13:01:48
Hi all
As you know in [Enterprise Manager] , in the left pane and in Security\Login section we can create Logings for users by just
Right click in the Right pane and select [New Login...]
But i couldn't understand one thing !!! when i create a new login with specifying ONLY:
1) Login Name
2) Sql Server Authentication Mode
and without specifying Server Roles and Database Access, the created Login has Default Access to System Databases such as
Master,MSDB and TempDB databases !!! is there an way to revoke this Access permission from Created Login? if so how?

By the way i have anotehr Question. when you are assigning Database Role to a login there are some Fixed Database Roles such as db_owner
but we have also db_DataReader and db_DenyDataReader i want to know
why do we have both db_DataReader and db_DenyDataReader roles at the same time ??? nothing only curious !!!

Thanks in advance.
Kind Regards.

eyechart
Master Smack Fu Yak Hacker

3575 Posts
Posted - 2008-01-21 : 14:34:55
i don't think there is a way to prevent access to the system databases. what exactly are you trying to accomplish? are you storing or creating objects containing sensitive data in the system databases?

as for db_denydatareader/datawriter roles, they are used to deny reading and writing of all user tables in a database. You can use these if you want to explicitly deny read/write permissions to users on a given database.

an example would be if you granted a domain group called ALL_USERS db_datareader fixed role to allow all members of this group read permissions on a given database. If you had a requirement to prevent a subset of the ALL_USERS domain group from reading this database, you would grant that user or group the db_denydatareader fixed role.



-ec
Go to Top of Page

rmiao
Master Smack Fu Yak Hacker

7266 Posts
Posted - 2008-01-21 : 14:45:51
Regarding system dbs' permission, all logins have basic permission since there is guest user id in those dbs.
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site