Solved

Help understanding SQL Server

Posted on 2014-01-05
2
418 Views
Last Modified: 2014-01-06
I've created a SQL Login on a SQL 2005 server.
In the User Mapping tree, in the "Users mapped to this login" I select the databases that the SQL Login will be able to access. For every database that I tick the system automatically puts a tick in the PUBLIC checkbox under "database role membership for: database_name"

1. Does this mean that SQL Login now has Read-Only access to database_name?
2. I make no other adjustments. Why is it I am able to use a vendor's front-end application, together with that SQL login created earlier, to modify data in tables, etc?
0
Comment
Question by:JCTDD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 52

Accepted Solution

by:
Carl Tawn earned 250 total points
ID: 39758717
1. No. The public, by default at least, only provides connect permissions on the available endpoints, as well as SELECT/EXECUTE on various system views.

2. Could be any number of reasons. For example, the app could be using a different account to the one you think it is using for some operations. If using stored procedures, the procedure could be executing in a different context.

I'd suggest running a short trace on the database to double check which account it actually connecting to do the UPDATE/INSERTS.

If you want to double check what permissions the public role has, you can execute the following:
SELECT a.[name] + ' ' + v.[name] + ' ON ' + QuoteName(oo.[name]) 
+ '.' + QuoteName(o.[name]) + ' TO ' + QuoteName(u.[name])
   FROM dbo.sysprotects AS p
   JOIN master.dbo.spt_values AS a
      ON (a.number = p.protecttype
      AND 'T' = a.type)
   JOIN master.dbo.spt_values AS v
      ON (v.number = p.action
      AND 'T' = v.type)
   JOIN dbo.sysobjects AS o
      ON (o.id = p.id)
   JOIN dbo.sysusers AS oo
      ON (oo.uid = o.uid)
   JOIN dbo.sysusers AS u
      ON (u.uid = p.uid)
   WHERE  'public' = u.name

Open in new window

0
 
LVL 27

Assisted Solution

by:Zberteoc
Zberteoc earned 250 total points
ID: 39759399
If you want to grant readonly permissions you will have to check the db_datareader role. For read/write db_datawriter role for full rights the db_owner role.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Long way back, we had to take help from third party tools in order to encrypt and decrypt data.  Gradually Microsoft understood the need for this feature and started to implement it by building functionality into SQL Server. Finally, with SQL 2008, …
Hi all, It is important and often overlooked to understand “Database properties”. Often we see questions about "log files" or "where is the database" and one of the easiest ways to get general information about your database is to use “Database p…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question