473,661 Members | 2,431 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Everyone can see the Master database?


I installed SQL Server, created a database for a sql server user and
noticed that the user has access to the master database even though the
checkbox for master database for the user login is not checked.
They can list sysusers and find out all the names. They can list all the
databases as well by using sp_helpdb.

Is this normal behavior?
If I check db_denydataread er and db_denydatawrit er in the master database
for that user, will that break anything?

John Dalberg
Jul 20 '05 #1
1 2997
Karim (karim3411@!!ya hoo!!.com) writes:
I installed SQL Server, created a database for a sql server user and
noticed that the user has access to the master database even though the
checkbox for master database for the user login is not checked.
They can list sysusers and find out all the names. They can list all the
databases as well by using sp_helpdb.

Is this normal behavior?
Yes. This is because the guest user is present in master. This means that
even if your login does not map to a specific user in master, your login
maps to guest. And Books Onlines says that guest must be present in master.
If I check db_denydataread er and db_denydatawrit er in the master database
for that user, will that break anything?


Well, to add the login to this role, you would first have to add the user.
But you could add guest to these roles. And, yes, that will break things.
I did a quick test. When I tried to login as a plain user, I got a
permission error on spt_values.

Possibly you could deny access on some tables, but I suspect that you
would be wondering off in the land of unsupported.

The good news is that in the next version of SQL Server, the metadata is
not equally well exposed, and the basic principle is that you should only
see the objects that you have permission to. That is, you may still be
able to read sys.databases, but you would only see the databases you
have permission to.

--
Erland Sommarskog, SQL Server MVP, es****@sommarsk og.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp
Jul 20 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
3497
Recover Master database fron only MDF file
by: Moti | last post by:
I have SQL server 2000 which recently crashed. I try to recover it and found out that the Master database is corrupt. I never backup my server using inline sql backup nor any third party backup program that aware to SQL server. But I have full system backup of volume c on tape (using NTBackup), which includes old version of Master database. My questions are: 1. How can I recover this file into SQL server? 2. If so, it is not risky to...
Microsoft SQL Server
2
10601
Restore SQL master database from a file
by: Moti.Ba | last post by:
Hello, I need to restore the Master DB in my SQL 2k server (with sp3). The problem is that i don't have SQL backups of this file I only have general backup of the entire c:\ drive i made using NTBackup. So i tried all I know and succesfully run the rebuildm utility. Now when I try to restore it from the general backup (not SQL backup) using "restore database master from gen_backup" i got error: "The file on device 'gen_backup' is not a...
Microsoft SQL Server
3
8476
Link Child Link Master Not Working
by: Mark C | last post by:
I have a unbound form with a tab control with four tabs in an Access 97 database. On each tab I have a sub form each form on the sub forms is bound to its own table. Each table has a field that can link them all together. I have put an invisible unbound control on the master form that gets populated on open. I set the link child and link master of each sub form to the unbound control on the master form. When the form opens all the subforms...
Microsoft Access / VBA
1
2941
Best Use of Master Pages - dynamic content and event handling
by: LilC | last post by:
I'm creating an application that has a standard layout for all pages. The information that is displayed in the layout will be dynamic based on the user that is logged in. Thus when a page is browsed to, I need to check to see if the user has logged in or not. Then if they have logged in, I need to pull their information from the database to display in the header. In previous applications, I made use of a base web page that all the...
ASP.NET
0
2095
content page subscriber to master page event doesn't update on 2nd postback
by: Managed Code | last post by:
Hello All, Here is my issue and thanks in advance for any assistance. I have a base page with a dropdownlist that fires an event with the selected index. The content page catches the event and sets a connection string to the database. The content page has a simple gridview that should show records from the selected database. Initial content page displays data from correct place. first change of dropdownlist correctly updates content...
ASP.NET
1
5957
How to recover deleted data from master database
by: vonlinkerstain | last post by:
Hi all, I made a horrible thing this week. I have an script that delete all data from all user tables, and I run it in the master database. After this I couldn't access the metadata from the tables of my databases using a JDBC connection. My script runs over all sysobject that are different from dtproperties. I don't have a back up of master table. I have tried to copy the data from another master database (from another machine) but I did...
Microsoft SQL Server
6
7024
6.5 master database syslogs full
by: brian.j.parker | last post by:
I inherited an application (or two) that run on SQL Server 6.5, which I haven't used in years, and am having a problem. I get the error: ------------------------------------------------------------------------ Can't allocate space for object 'Syslogs' in database 'master' because the 'logsegment' segment is full. If you ran out of space in Syslogs, dump the transaction log. Otherwise, use ALTER DATABASE or sp_extendsegment to increase...
Microsoft SQL Server
1
1254
Master database backend (20 offices) Please help!
by: Parasyke | last post by:
I have a dilemma. I have 20 branch offices that need to be able to upload their unique copy of all their backend tables to a master database at a corporate office. I really need only a copy of those new records, deleted records , or changed records (but I guess exporting all the data would not be a problem, not very big tables). Can I write a query that updates the master database tables at corporate and have that query launched on demand...
Microsoft Access / VBA
1
1528
Appending data to a master database from another database
by: Parasyke | last post by:
How can I, without using Replication technology, append a table in my master database from data in another database? I have several field offices with sales data that I want, on demand, to append up to my home office Master database... any ideas? Thanks!!!! Dav
Microsoft Access / VBA
0
8432
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
8855
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
8758
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
8633
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
1
6185
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
4346
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
2762
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
1986
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
2
1743
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us