"byrocat" <bd******@sympatico.ca> wrote in message
news:11*********************@o13g2000cwo.googlegroups.com...
I'm chasing after a document that was available on one of the Microsoft
websites that was titled something like "MS SQL Server Best Practices"
and detailed a number of best practices about securing the server.
Included in this was revoking public access to the system table
objects.
Can someone post the URL where I can pick this up, or drop me a note on
contacting them for a copy of the document?
You can find the Microsoft security docs, including a best practices white
paper, here:
http://www.microsoft.com/sql/techinf...y/default.mspx
I don't know of any good reason to revoke public permissions on system
tables - it might actually break something if users can't retrieve metadata
for some operations. Books Online states that a REVOKE applied to the public
role applies to all database users, which is probably not desirable in many
cases.
This issue often seems to be raised by IT auditors, probably because it has
somehow become part of an industry-standard audit checklist, but the MS best
practices document says only "do not grant additional permissions to this
role", implying that the existing permissions are fine:
http://www.microsoft.com/technet/pro.../sp3sec02.mspx
Simon