Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Help understanding SQL Server

Posted on 2014-01-05
2
Medium Priority
?
429 Views
Last Modified: 2014-01-06
I've created a SQL Login on a SQL 2005 server.
In the User Mapping tree, in the "Users mapped to this login" I select the databases that the SQL Login will be able to access. For every database that I tick the system automatically puts a tick in the PUBLIC checkbox under "database role membership for: database_name"

1. Does this mean that SQL Login now has Read-Only access to database_name?
2. I make no other adjustments. Why is it I am able to use a vendor's front-end application, together with that SQL login created earlier, to modify data in tables, etc?
0
Comment
Question by:JCTDD
2 Comments
 
LVL 52

Accepted Solution

by:
Carl Tawn earned 750 total points
ID: 39758717
1. No. The public, by default at least, only provides connect permissions on the available endpoints, as well as SELECT/EXECUTE on various system views.

2. Could be any number of reasons. For example, the app could be using a different account to the one you think it is using for some operations. If using stored procedures, the procedure could be executing in a different context.

I'd suggest running a short trace on the database to double check which account it actually connecting to do the UPDATE/INSERTS.

If you want to double check what permissions the public role has, you can execute the following:
SELECT a.[name] + ' ' + v.[name] + ' ON ' + QuoteName(oo.[name]) 
+ '.' + QuoteName(o.[name]) + ' TO ' + QuoteName(u.[name])
   FROM dbo.sysprotects AS p
   JOIN master.dbo.spt_values AS a
      ON (a.number = p.protecttype
      AND 'T' = a.type)
   JOIN master.dbo.spt_values AS v
      ON (v.number = p.action
      AND 'T' = v.type)
   JOIN dbo.sysobjects AS o
      ON (o.id = p.id)
   JOIN dbo.sysusers AS oo
      ON (oo.uid = o.uid)
   JOIN dbo.sysusers AS u
      ON (u.uid = p.uid)
   WHERE  'public' = u.name

Open in new window

0
 
LVL 27

Assisted Solution

by:Zberteoc
Zberteoc earned 750 total points
ID: 39759399
If you want to grant readonly permissions you will have to check the db_datareader role. For read/write db_datawriter role for full rights the db_owner role.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Long way back, we had to take help from third party tools in order to encrypt and decrypt data.  Gradually Microsoft understood the need for this feature and started to implement it by building functionality into SQL Server. Finally, with SQL 2008, …
Introduction: When running hybrid database environments, you often need to query some data from a remote db of any type, while being connected to your MS SQL Server database. Problems start when you try to combine that with some "user input" pass…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question