Solved

Help understanding SQL Server

Posted on 2014-01-05
2
407 Views
Last Modified: 2014-01-06
I've created a SQL Login on a SQL 2005 server.
In the User Mapping tree, in the "Users mapped to this login" I select the databases that the SQL Login will be able to access. For every database that I tick the system automatically puts a tick in the PUBLIC checkbox under "database role membership for: database_name"

1. Does this mean that SQL Login now has Read-Only access to database_name?
2. I make no other adjustments. Why is it I am able to use a vendor's front-end application, together with that SQL login created earlier, to modify data in tables, etc?
0
Comment
Question by:JCTDD
2 Comments
 
LVL 52

Accepted Solution

by:
Carl Tawn earned 250 total points
ID: 39758717
1. No. The public, by default at least, only provides connect permissions on the available endpoints, as well as SELECT/EXECUTE on various system views.

2. Could be any number of reasons. For example, the app could be using a different account to the one you think it is using for some operations. If using stored procedures, the procedure could be executing in a different context.

I'd suggest running a short trace on the database to double check which account it actually connecting to do the UPDATE/INSERTS.

If you want to double check what permissions the public role has, you can execute the following:
SELECT a.[name] + ' ' + v.[name] + ' ON ' + QuoteName(oo.[name]) 
+ '.' + QuoteName(o.[name]) + ' TO ' + QuoteName(u.[name])
   FROM dbo.sysprotects AS p
   JOIN master.dbo.spt_values AS a
      ON (a.number = p.protecttype
      AND 'T' = a.type)
   JOIN master.dbo.spt_values AS v
      ON (v.number = p.action
      AND 'T' = v.type)
   JOIN dbo.sysobjects AS o
      ON (o.id = p.id)
   JOIN dbo.sysusers AS oo
      ON (oo.uid = o.uid)
   JOIN dbo.sysusers AS u
      ON (u.uid = p.uid)
   WHERE  'public' = u.name

Open in new window

0
 
LVL 26

Assisted Solution

by:Zberteoc
Zberteoc earned 250 total points
ID: 39759399
If you want to grant readonly permissions you will have to check the db_datareader role. For read/write db_datawriter role for full rights the db_owner role.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
replicated - directional or bidirectional? 3 35
While in ##Table - Help 4 19
Need help with a Stored Proc on Sql Server 2012 4 28
SQL Stored Proc - Performance Enhancement 15 53
In this article I will describe the Backup & Restore method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question