라이브러리 학습 코드 다운로드 지원 커뮤니티 포럼
Microsoft Developer Network >
Deny/Revoke permission on sysdatabases

Unanswered Deny/Revoke permission on sysdatabases

  • 2011년 10월 4일 화요일 오후 6:25
     
     
    로그인하여 투표
    0
    Hi,

    I want to revoke/deny select on master..sysdatabases from a specific user. 

    I ran DENY select ON master.dbo.sysdatabases to User1
    REVOKE select ON master.dbo.sysdatabases from User1

    But it doesn't help. User1 still can run select * from master.dbo.sysdatabases.
    Can anyone help me on this issue?

    Thanks
     

모든 응답

  • 2011년 10월 4일 화요일 오후 9:26
     
     
    로그인하여 투표
    0

    REVOKE removes any previous permission statement, both GRANT AND DENY, and returns the user to neutral. In your case, your REVOKE removed the DENY. So just do:

    DENY select ON master.dbo.sysdatabases to User1;

    And then stop. But also DENY sys.databases.

    DENY SELECT ON sys.databases TO User1;

     

    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty
     
  • 2011년 10월 4일 화요일 오후 9:37
     
     
    로그인하여 투표
    0

    I think DENY on sys.databases can cause quite some problems.

    Better is probably to REVOKE VIEW ANY DATABASE for this user. This permission is granted by default. Without this permission, you can only see the system databases, and any database you own.

    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
     
  • 2011년 10월 4일 화요일 오후 10:28
     
     
    로그인하여 투표
    0

    Thank you very much for your reply.

    I am sorry I posted the statements in incorrect order.

    At the first time I tried to revoke the permission by running REVOKE select ON master.dbo.sysdatabases from User1 But it did not help.

    Then I tried with DENY select ON master.dbo.sysdatabases to User1 It did not help either.

    Right now I tried your suggestion DENY select ON master.dbo.sysdatabases to User1; and DENY select ON master.dbo.sysdatabases to User1;

    But It cannot help. The User1 still can run select * from master.dbo.sysdatabases. I am using SQL Server 2005 Standard Edition.

    REVOKE removes any previous permission statement, both GRANT AND DENY, and returns the user to neutral. In your case, your REVOKE removed the DENY. So just do:

    DENY select ON master.dbo.sysdatabases to User1;

    And then stop. But also DENY sys.databases.

    DENY SELECT ON sys.databases TO User1;

     

    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty



    • 편집됨 lazymouse 2011년 10월 4일 화요일 오후 10:50
    •  
     
  • 2011년 10월 4일 화요일 오후 10:29
     
     
    로그인하여 투표
    0
    Thanks for your help. I tried Revoke view any database to User1. But it did not help. :(

    I think DENY on sys.databases can cause quite some problems.

    Better is probably to REVOKE VIEW ANY DATABASE for this user. This permission is granted by default. Without this permission, you can only see the system databases, and any database you own.

    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

     
  • 2011년 10월 5일 수요일 오후 9:47
     
     
    로그인하여 투표
    0

    Can you run this batch and post the output?

    EXECUTE AS LOGIN = 'User1'
go
SELECT * FROM fn_my_permissions(NULL, NULL)
go
REVERT
    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
     
  • 2011년 10월 11일 화요일 오전 6:55
    중재자
     
     
    로그인하여 투표
    0

    Hi Lazymouse,

    Could you please let us know the latest update?

    Best Regards,
    Peja

    Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
     
© 2013 Microsoft.
|
사이트 의견