Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Help understanding SQL Server

Posted on 2014-01-05
2
Medium Priority
?
424 Views
Last Modified: 2014-01-06
I've created a SQL Login on a SQL 2005 server.
In the User Mapping tree, in the "Users mapped to this login" I select the databases that the SQL Login will be able to access. For every database that I tick the system automatically puts a tick in the PUBLIC checkbox under "database role membership for: database_name"

1. Does this mean that SQL Login now has Read-Only access to database_name?
2. I make no other adjustments. Why is it I am able to use a vendor's front-end application, together with that SQL login created earlier, to modify data in tables, etc?
0
Comment
Question by:JCTDD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 52

Accepted Solution

by:
Carl Tawn earned 750 total points
ID: 39758717
1. No. The public, by default at least, only provides connect permissions on the available endpoints, as well as SELECT/EXECUTE on various system views.

2. Could be any number of reasons. For example, the app could be using a different account to the one you think it is using for some operations. If using stored procedures, the procedure could be executing in a different context.

I'd suggest running a short trace on the database to double check which account it actually connecting to do the UPDATE/INSERTS.

If you want to double check what permissions the public role has, you can execute the following:
SELECT a.[name] + ' ' + v.[name] + ' ON ' + QuoteName(oo.[name]) 
+ '.' + QuoteName(o.[name]) + ' TO ' + QuoteName(u.[name])
   FROM dbo.sysprotects AS p
   JOIN master.dbo.spt_values AS a
      ON (a.number = p.protecttype
      AND 'T' = a.type)
   JOIN master.dbo.spt_values AS v
      ON (v.number = p.action
      AND 'T' = v.type)
   JOIN dbo.sysobjects AS o
      ON (o.id = p.id)
   JOIN dbo.sysusers AS oo
      ON (oo.uid = o.uid)
   JOIN dbo.sysusers AS u
      ON (u.uid = p.uid)
   WHERE  'public' = u.name

Open in new window

0
 
LVL 27

Assisted Solution

by:Zberteoc
Zberteoc earned 750 total points
ID: 39759399
If you want to grant readonly permissions you will have to check the db_datareader role. For read/write db_datawriter role for full rights the db_owner role.
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question