Saturday, February 25, 2012

Need urgent help with pemission problem

Hi all ,

I posted an early post regarding that with no reply , its seem strange that
nobody know that issue coase it looks majur issue .

The problem is when creating a db and the a user for that db only from enterprise manager , when that user log into with enterprise manager also
he can see the content of the master db (also the other default sql2000 system dbs) .

Any way to avoide that issue ?

Any help will be great .Short answer: No.

Longer answer: You can hide the system databases in enterprise manager, but all users will need at least guest access to the master database. You can safely remove the guest user from the msdb database, however. Removing guest from master will result in enterprise manager breaking for anyone who is not in the sysadmin group, I believe.|||Hi ,

Thanks for the answare .

Let me get it , there is no way to protect the master db from regular users
what is point in that ? everyone can see everything , even guest .

This is realy odd thing . im sure microsoft did it for a resone but it doesnt make sence anyhow .

Thanks ,|||McCrowley is right. The Sr. DBA did this at my last company did this and I was trying to work though it in my head. I know you can not remove the guest account in master. Maybe sp_denylogin on their NT accounts. Are you using Windows Authentication?|||Why do your regular users have the Enterprise Manager installed anyways? Let me guess, they are writing ad hoc queries in the QA too. Barf. I was just assuming you were trying to lock out your developers.|||Its for hosting perpose , so you open a user a db asign a user , if he wants
do admin his db its more then fine but why he must see the master db contents , its system content .

Dont get this oproche .

P-s : its mix mode , we decide to open a sql user only(not os)
didint notice the deny login option but deny read will prevent the login all together .

Thanks ,|||sp_denylogin is a system stored procedure.|||Its not NT authentication but sql only , is the stored procidure will be possible also , if its only for system users then its a good couse to change the logins now befor going into production , how can i test the stored procidure you mentioned , how does it work , i come from mysql generaly .

Thanks ,|||I think this one is for NT auth only.|||You may want to start here, for now.

http://www.microsoft.com/sql/techinfo/administration/2000/security/securingsqlserver.asp

I would not worry too much over people being able to see the master database, so long as they can not write to it (i.e. have sysadmin rights)|||Almost everything that mentioned in the arcticle is implimented but the mix mode .

Ill try to make some test without it(NT only athentication)

Can you post a demo sytax for the stored procidure you mentioned

will be great .

Many thanks for all your help .|||Notices another odd thing , by changing the mix to NT only it wont allow
logins from operating systems that not login the sql domain .

Very strange all those issues , may be fixed in sql2005 , LOL|||Another wird thing , by changing the sql service from the default localsystem to just a simple user it wont start the service , i did it exactly like micrososft suggested (from enterprise manager) too much crap with this system .|||Almost everything that mentioned in the arcticle is implimented but the mix mode .

Ill try to make some test without it(NT only athentication)

Can you post a demo sytax for the stored procidure you mentioned

will be great .

Many thanks for all your help .

Try SQL books online in the SQL Server Programs folder. Busy today. sorry.|||Notices another odd thing , by changing the mix to NT only it wont allow
logins from operating systems that not login the sql domain .

Very strange all those issues , may be fixed in sql2005 , LOL

this by design and kind of implied by the term NT authentication. it is intended to be the most secure configuration.|||Another wird thing , by changing the sql service from the default localsystem to just a simple user it wont start the service , i did it exactly like micrososft suggested (from enterprise manager) too much crap with this system .

this is a permissions issue. i believe the user must be an admin account on the machine and needs sysadmin rights in SQL Server.

it is not too much crap. it is just a lot too learn. i am no Microsoft apoloigist, but once you get going with it, most of it makes since in the bigger scheme. I have been developing with it for 4 years and admining for about year and I have been studying for the MCDBA most nights for 3 months and I still only know what I am doing a little more than 1/2 the time.|||I have 2 sql2000 books wich i read , no mention to this issue whats os ever .

Also other issues for example microsoft ask not to asign the user admin right
the faq mention a regular user(not admin) and that enetrprise manager will take care of the rest , this is not the case couse the faq is obviusly wronge
that what i ment with too much crap , when system becomes too much complicated then the over all things will be as well complicated , the dbs are not faster . stable or secure then other more simple systems like mysql
people allways say that there is no compitment at all , all i see is complicated , cost lots of moeny , with not much benefits , not faster for sure (see some benchmarks) , we installed it couse few clients realy ensisted but all those issues realy frastrating , from the developer kind of view its a heven , the dba also have lots of options , but too much crap arroung it ,
not stable i mean , microsoft say this , the result that etc...
-|||it is a poor craftsman that blames his tools. forget your books. read books online.|||Hi ,

Not blaming anything , just saying its realy fratrating , Maxdb and sysbase are
not easy as well (not at all) maxdb is very hard to work with but thigs are much clearer , no intgration with os (otherwise its not secure) the core of the product need to be secure regardless of the os integration , also this issue , iv seen other dude that posted quite the same issue (with users can see the system dbs) , i managed to delete the guest account from most of the system dbs but what abuat the master db(the most important if im not mistaken) .

Thanks ,

No comments:

Post a Comment