Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / June 2005

Tip: Looking for answers? Try searching our database.

Permissions not enforced

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Hoof Hearted - 28 Jun 2005 09:30 GMT
I have a pc set up with a System DSN to access my Sql Server. It is set up to
use NT Authentication according to the Login Name.

I have discovered that the User has full permissions to Select, Insert,
Update and delete records in any table. In Enterprise Manager this User is
configured to have just Select permissions on a few tables. Some of my tables
are set up with Update and Delete permissions revoked for all Users and
Roles.  So it appears to me that the DSN is not using NT Authentication and
that the User is being authenticated with sa permissions.

Where am I going wrong?
Reply to this Message
Sue Hoegemeier - 28 Jun 2005 13:26 GMT
You can query master..sysprocesses to see how the user is
connecting, what login is used. If the user is connecting
using Windows authentication then the user is likely
inheriting permissions through membership in a group.

-Sue

>I have a pc set up with a System DSN to access my Sql Server. It is set up to
>use NT Authentication according to the Login Name.
[quoted text clipped - 7 lines]
>
>Where am I going wrong?
Reply to this Message
Hoof Hearted - 28 Jun 2005 21:42 GMT
Yes it turns out the account I was testing it with, is a member of the NT
administrators group. But I had explicity denied him certain permissions
within the database. So I am surprised that his membership of the
Administrators group overrides this.
Reply to this Message
Sue Hoegemeier - 29 Jun 2005 05:49 GMT
By default, the builtin\administrators group is added to SQL
Server as sysadmins. Members of sysadmins can do whatever
and bypass any denies.

-Sue

>Yes it turns out the account I was testing it with, is a member of the NT
>administrators group. But I had explicity denied him certain permissions
>within the database. So I am surprised that his membership of the
>Administrators group overrides this.
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.