Pau Lo
asked on
GUEST account in SQL Server
If you know that server level logins to a specific SQL Server instance are all trusted/authorised staff, then is there any risk at all in enabling the GUEST account on certain user databases. My understanding of GUEST was its not "anyone in the network", you need to already be a SQL server level login anyway, hence if they are all authorised, is there any risk whatsoever in leaving GUEST enabled on these databases?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You should not enable the Guest account for access in you SQL server.
It's better to create an account to access your databases and give it to the users that you want to have access.
It's better to create an account to access your databases and give it to the users that you want to have access.
ASKER
So a user with literally no access to the SQL Server whatsoever can access the database via the GUEST account?
ASKER
top 2 respones some to contradict one another...
Sorry, my comment was wrong. Guest account can be used by any existing SQL Server Login. So, if the Guest has more rights than another SQL Server Login it can be used to perform not permissioned actions.
Same here. Any SQL user not mapped to a specific database. could use the guest account to gain access
you have everything what you need to know about
"Guest" sql user
from microhead post
as it said:
"guest" is sql server "default" built-in feature for master, msdb, and tempb system databases:
do not worry about these system DBS
Just delete from user DBS ( including from model if you have)
"Guest" sql user
from microhead post
as it said:
"guest" is sql server "default" built-in feature for master, msdb, and tempb system databases:
do not worry about these system DBS
Just delete from user DBS ( including from model if you have)