none
SQL Login "disabled" flag does not work with asymmetric key??

    Question

  • If I create a normal interactive SQL login, the Disabled flag for the login controls whether that user can log in with the login name and password.  For example,

    ALTER LOGIN MyUser DISABLE

    will prevent anyone from logging in with this MyUser login.

    However if I create a SQL login FROM ASYMMETRIC KEY, the Disabled flag  for the login seems  to have no effect.  For example, assemblies in executable files from which the asymmetric key was created can still be used even if the login is "disabled".

    Is this by design?  If so, why?

    It would seem to me that if a login is disabled, no rights granted to that login should be accessible, including "GRANT EXTERNAL ACCESS ASSEMBLY TO ..." and "GRANT UNSAFE ASSEMBLY TO..."

    (I suspect that disabling a login will also have no effect on execution of stored procedures signed with that login's asymmetric key either, though I have not test this.)

    Can someone please comment on this behavior?

    Monday, September 23, 2013 9:39 PM

Answers

All replies