Friday, March 9, 2012

Hardening SQL Accounts

Hi, I have some SQL accounts used by Word Mailmerge. I would like to
limit what these accounts can do as much as possible.
I have granted them SELECT on the appropriate views and revoked SELECT
on sysobjects, but when I log into Enterprise Manager using one of the
accounts I can still get a list of the SQL accounts, database diagrams
and even stop the SQL Server.
Is there any way to prevent these permissions?
Thanks
hals_left

> and even stop the SQL Server?

Is this the SA login account? Check the
membership in the Fixed Server Roles (primarily SYSADMIN) and other Fixed
Database Roles/User-Defined database roles. You really do not need to
remove SELECT to system objects.
Also, I'd recommend using Windows Authentication if possible - more secure.
HTH
Jerry

Remove them from the sysadmin and/or serveradmin fixed server roles. Only
members of those 2 roles can shut down the SQL server.
Jacco Schalkwijk
SQL Server MVP

Hi, I have checked and the account is not a member of any server roles.
The only server role with members is System Administrators, with members
sa and BUILTIN/Administrators. It is also not a member of any database
roles.
I have only given this account SELECT on 2 views, no other permissions
at all.
The account is Type=Standard, Server Access=Permit.
I just connected using the server's IP address and the user/pass for the
account and can still browse much of the server, including creating and
removing backup devices, stopping & starting the server & agent and
viewing other account names.
I can't use Windows authentication for the account because the
connections are coming in from other domains.
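
The role and permission checks suggested in the replies above, written as T-SQL so the result does not depend on what Enterprise Manager displays. This is an added example, not part of the original thread; the login name `mailmerge_reader` is a placeholder, and the database user is assumed to have the same name as the login.

```sql
-- Added example: audit what a SQL login can do.
-- 'mailmerge_reader' is a placeholder; substitute the mail-merge account.
DECLARE @login sysname
SET @login = 'mailmerge_reader'

-- 1. Fixed server roles. IS_SRVROLEMEMBER returns 1 (member),
--    0 (not a member) or NULL (role or login not valid).
--    Every row should show 0 for a read-only reporting account.
SELECT r.role_name,
       IS_SRVROLEMEMBER(r.role_name, @login) AS is_member
FROM (SELECT 'sysadmin' AS role_name UNION ALL
      SELECT 'serveradmin'   UNION ALL
      SELECT 'securityadmin' UNION ALL
      SELECT 'setupadmin'    UNION ALL
      SELECT 'processadmin'  UNION ALL
      SELECT 'diskadmin'     UNION ALL
      SELECT 'dbcreator'     UNION ALL
      SELECT 'bulkadmin') AS r

-- 2. Current members of the two roles named in the replies,
--    to confirm nothing unexpected (for example a group) is listed.
EXEC sp_helpsrvrolemember 'sysadmin'
EXEC sp_helpsrvrolemember 'serveradmin'

-- 3. Every database the login is mapped into, and as which user.
--    The account should appear only in the database holding the views.
EXEC sp_helplogins @login

-- Run the remaining checks in the database that holds the views.

-- 4. Database role membership for the user (assumed same name as login).
EXEC sp_helpuser @login

-- 5. Explicit GRANT/DENY entries for the user: expect only SELECT
--    on the two views. Reports an error if there are no entries.
EXEC sp_helprotect NULL, @login

-- 6. Permissions granted to public. Every database user is a member
--    of public, so anything listed here is also available to the
--    mail-merge account even though it was never granted directly.
EXEC sp_helprotect NULL, 'public'
```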
