Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / August 2006

Tip: Looking for answers? Try searching our database.

Public and Guest

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
CLM - 24 Aug 2006 17:04 GMT
I've got a 2000 server that I want to make sure is within best practices for
Sql Server 2000.  I know that "permissions granted to the public role are
applied to
all users in the database and permissions granted to the guest user
are used by all users who do not have a user account in the database."

The way that my 2000 servers appear to be set up, presumably by default and
no intervention on my own, are with the guest account assigned to the public
role.  As far as I can tell the public account just has standard select
access to the system tables and nothing else.

Do I have these accounts, public and guest, set up correctly?  Is there
something I should do or check?  Also, is there anything I should watch out
for?

Thx...
Reply to this Message
Roger Wolter[MSFT] - 24 Aug 2006 22:25 GMT
Public is what it sounds like - everybody.  All users are part of the public
group so any privileges you grant to public are granted to everybody who
hasn't been deny'ed the privilege.  Guest, as you said, is the user that
anyone who doesn't have a user in the database is mapped to.  You can assign
any privileges you feel are appropriate for a random anonymous user to have.
I recommend explicitly Denying privileges to the guest user so they don't
accidentally get permissions that someone grants to public.

Signature

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

> I've got a 2000 server that I want to make sure is within best practices
> for
[quoted text clipped - 16 lines]
>
> Thx...
Reply to this Message
Dan Guzman - 25 Aug 2006 13:57 GMT
To add to Roger's response, the guest account exists in all databases but is
enabled by default only in system databases.  Unless you explicitly enable
the guest user (sp_adduser 'guest'), no database access will be not be
allowed until you explicitly added the user to the database.  Personally, I
only enable the guest user in SQL 2000 in the special case where
cross-database chaining is used.

Signature

Hope this helps.

Dan Guzman
SQL Server MVP

> I've got a 2000 server that I want to make sure is within best practices
> for
[quoted text clipped - 16 lines]
>
> Thx...
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.