Solved

permission to hit instance from ssms

Posted on 2010-09-16
15
333 Views
Last Modified: 2012-05-10
even though the user has read permissions to the database, what is the basic permissions required for that domain login user to be able to successfully make a connection to the instance through the SSMS engine? is that a OS setting or ports?

Thanks
0
Comment
Question by:anushahanna
  • 9
  • 6
15 Comments
 
LVL 57

Expert Comment

by:Raja Jegan R
ID: 33692194
Login should be active and has CONNECT privileges to the server ie., Master database.

>> is that a OS setting or ports?

Nothing with respect to OS or port but the permission granted to the user or login.
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33692769
OK. Thanks.

Is it a grant statement that can give connect to a login? can you please suggest the syntax?

i tried something like grant connect to login [SRBSV\jimw], but it is not right..
0
 
LVL 57

Expert Comment

by:Raja Jegan R
ID: 33692866
>> Is it a grant statement that can give connect to a login? can you please suggest the syntax?

Forgot to explain in more detail.
When you create a login, it would by having access to master database. In the same way, login can be assigned to some other database as default instead of master.

In that case, you need to have GRANT CONNECT granted to the particular user to connect to user databases.

>> grant connect to login [SRBSV\jimw]

Below should work:
USE ur_user_db_name
GO
GRANT CONNECT SQL TO [someuser]
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33692966
OK. Thank you.

When i did your code, it says

Permissions at the server scope can only be granted when the current database is master
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33692979
to recap, i created a login and then the user at the database for this login.

then i said

use tracker
grant connect sql to jimw, and then it gave the above message.
0
 
LVL 57

Expert Comment

by:Raja Jegan R
ID: 33693245
Sorry for the confusion, Script to prevent user from those databases should be

USE ur_user_db_name
GO
REVOKE VIEW ANY DATABASE FROM [SRBSV\jimw]
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33693402
The above fails with
USE ur_user_db_name
but works ok with
USE master
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 6

Author Comment

by:anushahanna
ID: 33693408
GRANT VIEW ANY DATABASE TO [SRBSV\jimw]
works from master too..

but can we just specify the database and not do 'any'
0
 
LVL 57

Expert Comment

by:Raja Jegan R
ID: 33698074
>> GRANT VIEW ANY DATABASE TO [SRBSV\jimw]
works from master too..

Yes, Grant will work from Master only.
In order to prevent users from viewing other databases, they have to be revoked from the user databases using REVOKE statement provided above in the user databases..
Hope this is what I understood your problem is else kindly clarify..
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33701771
like GRANT, REVOKE also says it can work only from MASTER database; how then can we specify which database we want to revoke VIEW ANY DATABASE?
0
 
LVL 57

Expert Comment

by:Raja Jegan R
ID: 33710452
Tired a little bit on that day and hence confused you out:

1. In order to deny users viewing any user databases, then issue the below

use master
GO
REVOKE VIEW ANY DATABASE from public
GO

2. Once issued, users would be able to see only master and tempdb databases alone. If you want users (your login) to see any user databases then issue
use ur_db_name
GO
GRANT CONNECT SQL TO user_name
GO

Hope this clarifies
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33772504
Thanks. I could see the effect of
REVOKE VIEW ANY DATABASE from public
very clearly.

Could I have just did that to the login, instead of public?
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33772508
>>
use ur_db_name
GO
GRANT CONNECT SQL TO user_name
GO

it says
"Permissions at the server scope can only be granted when the current database is master"
0
 
LVL 57

Accepted Solution

by:
Raja Jegan R earned 500 total points
ID: 33775552
>> Could I have just did that to the login, instead of public?

Yes, just use the login name instead of public which should do:
use master
GO
REVOKE VIEW ANY DATABASE from login_name
GO

>> "Permissions at the server scope can only be granted when the current database is master"

Sorry for the confusion again..
Once VIEW ANY DATABASE is revoked, only the databases where the particular login have users created will be visible in SSMS.
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33890405
Thanks very much.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
Slowly Changing Dimension Transformation component in data task flow is very useful for us to manage and control how data changes in SSIS.
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now