Solved

Disable selects on sysobjects table for user

Posted on 2008-06-24
7
1,414 Views
Last Modified: 2008-07-03
Is there any way we can disable a ms sql user from doing selects (or any interaction) on the sysobjects table?

Thanks
~B
0
Comment
Question by:used2could
  • 4
  • 2
7 Comments
 
LVL 60

Expert Comment

by:chapmandew
ID: 21855992
hi, try this:

use master
go
deny select on sysobjects to sqlusername
0
 

Author Comment

by:used2could
ID: 21856074
Chapmandew,
I've tried that but after running it i was still able to do a select on the sysobjects table with the user i am trying to block. Have any idea why i would still be able to? the sql executed successfully

0
 
LVL 60

Expert Comment

by:chapmandew
ID: 21856107
make sure that the use you denied doesn't have admin permissions.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 69

Expert Comment

by:ScottPletcher
ID: 21858990
Be sure to run the command in the db you want to deny permissions on, not necessarily the master db.

USE relatedDbName

DENY SELECT ON sysobjects TO username

If the user is 'dbo' / 'db_owner', I'm not sure DENY has any effect.
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 21859004
I am pretty sure it doesn't have an effect if they're the owner or an sa.
0
 
LVL 69

Expert Comment

by:ScottPletcher
ID: 21859220
I know it doesn't have any effect if they're 'sa'.
0
 
LVL 60

Accepted Solution

by:
chapmandew earned 500 total points
ID: 21859387
OK, just did some research.  If the user is a member of the db_owner role, but has been denied view permissions on sys.objects, then they cannot see the system view.  The reason is because this view resides in the mssqlsystemresource database.  Here is the error I got when trying to view the data:

The SELECT permission was denied on the object 'objects', database 'mssqlsystemresource', schema 'sys'.

But, as db_owner, I can do anything else I want in the db.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

If you have heard of RFC822 date formats, they can be quite a challenge in SQL Server. RFC822 is an Internet standard format for email message headers, including all dates within those headers. The RFC822 protocols are available in detail at:   ht…
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Via a live example, show how to shrink a transaction log file down to a reasonable size.
Viewers will learn how the fundamental information of how to create a table.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now