Solved

Disable selects on sysobjects table for user

Posted on 2008-06-24
7
1,421 Views
Last Modified: 2008-07-03
Is there any way we can disable a ms sql user from doing selects (or any interaction) on the sysobjects table?

Thanks
~B
0
Comment
Question by:used2could
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 60

Expert Comment

by:chapmandew
ID: 21855992
hi, try this:

use master
go
deny select on sysobjects to sqlusername
0
 

Author Comment

by:used2could
ID: 21856074
Chapmandew,
I've tried that but after running it i was still able to do a select on the sysobjects table with the user i am trying to block. Have any idea why i would still be able to? the sql executed successfully

0
 
LVL 60

Expert Comment

by:chapmandew
ID: 21856107
make sure that the use you denied doesn't have admin permissions.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 21858990
Be sure to run the command in the db you want to deny permissions on, not necessarily the master db.

USE relatedDbName

DENY SELECT ON sysobjects TO username

If the user is 'dbo' / 'db_owner', I'm not sure DENY has any effect.
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 21859004
I am pretty sure it doesn't have an effect if they're the owner or an sa.
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 21859220
I know it doesn't have any effect if they're 'sa'.
0
 
LVL 60

Accepted Solution

by:
chapmandew earned 500 total points
ID: 21859387
OK, just did some research.  If the user is a member of the db_owner role, but has been denied view permissions on sys.objects, then they cannot see the system view.  The reason is because this view resides in the mssqlsystemresource database.  Here is the error I got when trying to view the data:

The SELECT permission was denied on the object 'objects', database 'mssqlsystemresource', schema 'sys'.

But, as db_owner, I can do anything else I want in the db.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we will learn how to fix  “Cannot install SQL Server 2014 Service Pack 2: Unable to install windows installer msi file” error ?
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question