Solved

Disable selects on sysobjects table for user

Posted on 2008-06-24
7
1,420 Views
Last Modified: 2008-07-03
Is there any way we can disable a ms sql user from doing selects (or any interaction) on the sysobjects table?

Thanks
~B
0
Comment
Question by:used2could
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 60

Expert Comment

by:chapmandew
ID: 21855992
hi, try this:

use master
go
deny select on sysobjects to sqlusername
0
 

Author Comment

by:used2could
ID: 21856074
Chapmandew,
I've tried that but after running it i was still able to do a select on the sysobjects table with the user i am trying to block. Have any idea why i would still be able to? the sql executed successfully

0
 
LVL 60

Expert Comment

by:chapmandew
ID: 21856107
make sure that the use you denied doesn't have admin permissions.
0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 21858990
Be sure to run the command in the db you want to deny permissions on, not necessarily the master db.

USE relatedDbName

DENY SELECT ON sysobjects TO username

If the user is 'dbo' / 'db_owner', I'm not sure DENY has any effect.
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 21859004
I am pretty sure it doesn't have an effect if they're the owner or an sa.
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 21859220
I know it doesn't have any effect if they're 'sa'.
0
 
LVL 60

Accepted Solution

by:
chapmandew earned 500 total points
ID: 21859387
OK, just did some research.  If the user is a member of the db_owner role, but has been denied view permissions on sys.objects, then they cannot see the system view.  The reason is because this view resides in the mssqlsystemresource database.  Here is the error I got when trying to view the data:

The SELECT permission was denied on the object 'objects', database 'mssqlsystemresource', schema 'sys'.

But, as db_owner, I can do anything else I want in the db.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question