Management Studio lists all databases
I'm using the Sept CTP. Is there something I can do to hide all databases that the user doesn't have access to?
Thanks,
Scott Forsyth
[559 byte] By [OWScott] at [2008-2-13] 
I'm using the Sept CTP. Is there something I can do to hide all databases that the user doesn't have access to?
Thanks,
Scott Forsyth
A member of db_owner will inherit the VIEW ANY DATABASE permission from the role (see "permissions of fixed database roles" in BOL), which allows him to see all rows in sys.databases. This is done for backward compatibility.
You can deny VIEW ANY DATABASE permission to your user if you don't want him to see all databases.
Thanks
Laurentiu
LaurentiuCristofor at 2007-9-9 >
Ok, that's closer. Thanks for your reply!
Now, how do I view the databases that I do have permission to though? With "View any database" set to deny, I don't even see the ones that I have permission to.
Another semi-related question. Is it possible to set default settings for a new login when using Management Studio?
Thanks,
Scott
Now, how do I view the databases that I do have permission to though? With "View any database" set to deny, I don't even see the ones that I have permission to.
Another semi-related question. Is it possible to set default settings for a new login when using Management Studio?
Thanks,
Scott
OWScott at 2007-9-9 >
There isn't any catalog that exposes the databases to which you have access. But I believe you could write a stored procedure to iterate through all sys.databases entries and attempt to use each database, then print the database name if the operation succeeds. You can sign the procedure so that it has the VIEW ANY DATABASE permission, and then you can grant execute on it to public. This way users can execute the procedure even if they don't have direct access to sys.databases.
What default settings are you interested in setting for the login?
Thanks
Laurentiu
LaurentiuCristofor at 2007-9-9 >
That seems like a step back from SQL 2000 where there was the recent (beginning of 2005) knowledge article on how to change a stored procedure so that Enterprise Manager only listed databases that the logged in user had permissions to.
http://support.microsoft.com/default.aspx/kb/889696?
Of course people could get around it because it didn't change the security in the back end, just the Enterprise Manager list, but it still made things so much better.
On a shared database server that has a hundred databases, this could get messy. I was under the impression that every sys object had a specific permission attached to every object. This means that it a user doesn't have permissions to something, it won't even "list" it. In fact, trying to query it will give a generic error that it either doesn't exist or you don't have access.
http://support.microsoft.com/default.aspx/kb/889696?
Of course people could get around it because it didn't change the security in the back end, just the Enterprise Manager list, but it still made things so much better.
On a shared database server that has a hundred databases, this could get messy. I was under the impression that every sys object had a specific permission attached to every object. This means that it a user doesn't have permissions to something, it won't even "list" it. In fact, trying to query it will give a generic error that it either doesn't exist or you don't have access.
Regarding the default settings, I was just thinking of something like the Securable to deny viewing of all database objects was a common setting, it would be good to set the defaults for a new login creation.
Thanks again!
OWScott at 2007-9-9 >
For the change in behavior from Enterprise Manager to Management Studio, you should post to SQL Server Tools General because this is an issue related to the tool presentation of data.
Selecting from catalogs will not give you errors if you can't access some rows, you'll just not see them. This is different from actually trying to use an object that you don't have access, when you will get the "either doesn't exist or you don't have access" message.
For questions and suggestions on additional settings offered in the dialog for creating a login, you should again post to SQL Server Tools General.
Thanks
Laurentiu
LaurentiuCristofor at 2007-9-9 >
Thanks Laurentiu,
That makes sense as it's directly related to management studio. I'll post over there now. Thanks for your help.
That makes sense as it's directly related to management studio. I'll post over there now. Thanks for your help.
OWScott at 2007-9-9 >
SQL Server Hot Topic
- New Guy Question: Which came first ... the chicken or the checkpoint file?
- Date parameter format incorrectly interpreted
- error during quiet installation of June CTP.
- running number
- How to Delete Files on Maintenance Plan
- Error 8152: "String or binary data would be truncated"
- Previous Row Calculations (sql server 2000)
- Variable Mapping in SSIS
SQL Server New Topic
SQL Server
- SQL Server Integration Services
- Data Mining
- SQL Server Reporting Services
- SQL Server Analysis Services
- SQL Server Tools General
- Transact-SQL
- .NET Framework inside SQL Server
- SQL Server Data Access
- SQL Server SMO/DMO
- SQL Server XML
- SQL Server Replication
- SQL Service Broker
- SQL Server Security
- SQL Server Database Engine
- SQL Server Documentation
- SQL Server Setup & Upgrade
- SQL Server Disaster Recovery and Availability
- SQL Server Notification Services
- SQL Server Compact Edition
- Getting started with SQL Server
- Database Mirroring
- SQL Server Express
Java / MSDN / Linux Tech / PHP Tech / MSDN DotNet / MSDN TECH / Health Library / Programmers Tech / visual basic Tech / Developer Tech / Ipod faqs / Msdn China Tech
Site Classified
- SQL Server
- Windows Forms
- .NET Development
- Visual Basic
- Visual Studio
- Visual Studio Team System
- Visual Studio Orcas
- Visual Studio Express Editions
- Software Development for Windows Vista
- Visual C#
- Visual C++
- Smart Device Development
- SharePoint Products and Technologies
- Feedback for forums and MSDN websites
- Game Technologies: DirectX, XNA, XACT, etc.
- Visual Studio Tools for Office
- Windows Live Developer Forums
- Microsoft ISV Community Center Forums
- Internet Explorer Development
- Visual FoxPro
- Windows Search Technologies
- Audio and Video Development
- Architecture
- Commerce Server
- Gadgets
- Microsoft Robotics Studio
- Community Chat
- BizTalk Server
- Visual J#
- Windows Networking Development
- Silverlight (formerly WPF/E)
- Popfly
- SQL Server Katmai
- Connected Services Framework
- Office Live Development
- Customer Care Framework
- Incubation Technologies
- Software Engineering Discussion
- System Center
- Software Licensing and Protection Services
- Visual Studio Rosario
- Small Business Application Development
- Office
- Windows Server 2008
- JScript
- Storage Platform – Core
- Misc