I've got a 2000 server that I want to make sure is within best practices for
Sql Server 2000. I know that "permissions granted to the public role are
applied to
all users in the database and permissions granted to the guest user
are used by all users who do not have a user account in the database."
The way that my 2000 servers appear to be set up, presumably by default and
no intervention on my own, are with the guest account assigned to the public
role. As far as I can tell the public account just has standard select
access to the system tables and nothing else.
Do I have these accounts, public and guest, set up correctly? Is there
something I should do or check? Also, is there anything I should watch out
for?
Thx...Public is what it sounds like - everybody. All users are part of the public
group so any privileges you grant to public are granted to everybody who
hasn't been deny'ed the privilege. Guest, as you said, is the user that
anyone who doesn't have a user in the database is mapped to. You can assign
any privileges you feel are appropriate for a random anonymous user to have.
I recommend explicitly Denying privileges to the guest user so they don't
accidentally get permissions that someone grants to public.
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"CLM" <CLM@.discussions.microsoft.com> wrote in message
news:F3C64B72-F96C-4052-AEA9-BEB4BFBAA323@.microsoft.com...
> I've got a 2000 server that I want to make sure is within best practices
> for
> Sql Server 2000. I know that "permissions granted to the public role are
> applied to
> all users in the database and permissions granted to the guest user
> are used by all users who do not have a user account in the database."
> The way that my 2000 servers appear to be set up, presumably by default
> and
> no intervention on my own, are with the guest account assigned to the
> public
> role. As far as I can tell the public account just has standard select
> access to the system tables and nothing else.
> Do I have these accounts, public and guest, set up correctly? Is there
> something I should do or check? Also, is there anything I should watch
> out
> for?
> Thx...|||To add to Roger's response, the guest account exists in all databases but is
enabled by default only in system databases. Unless you explicitly enable
the guest user (sp_adduser 'guest'), no database access will be not be
allowed until you explicitly added the user to the database. Personally, I
only enable the guest user in SQL 2000 in the special case where
cross-database chaining is used.
Hope this helps.
Dan Guzman
SQL Server MVP
"CLM" <CLM@.discussions.microsoft.com> wrote in message
news:F3C64B72-F96C-4052-AEA9-BEB4BFBAA323@.microsoft.com...
> I've got a 2000 server that I want to make sure is within best practices
> for
> Sql Server 2000. I know that "permissions granted to the public role are
> applied to
> all users in the database and permissions granted to the guest user
> are used by all users who do not have a user account in the database."
> The way that my 2000 servers appear to be set up, presumably by default
> and
> no intervention on my own, are with the guest account assigned to the
> public
> role. As far as I can tell the public account just has standard select
> access to the system tables and nothing else.
> Do I have these accounts, public and guest, set up correctly? Is there
> something I should do or check? Also, is there anything I should watch
> out
> for?
> Thx...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment