Hi knights,
Pls show me the way to prevent the other users seeing all database names when they logon into SQL Server. Thnks in advance!If they are using Windows authentication [preferred]:
1. Group users into a Windows Domain Security group (NT admin)
2. Add NT Group to SQL Server Logins (using EM or sp_AddLogin)
2a. Select a default database (using EM or sp_AddLogin, @.defdb)
3. Grant the NT Group access to the desired database(s) (using EM or sp_grantdbaccess)
4. Either assign the NT Group to an appropriate standard database role (eg db_datareader) or a custom role that you create.
5. Done
Alternatively, you could assign SELECT, UPDATE, DELETE, EXECUTE privileges directly to the NT Group, but it's not strictly considered a "best practice".
If the are using SQL authentication [not preferred]:
1. Create individual SQL user accounts using EM or sp_AddLogin
2. Select a default database (using EM or sp_AddLogin, @.defdb)
3. Grant each user access to the desired database(s) (using EM or sp_grantdbaccess)
4. You MUST assign either a standard db role or a custom role; trying to manage individual permissions to individual logins can be REALLY hairy.
If you are going to be using SQL authentication, I think you should:
1. Consider scripting the user administration and using a front-end tool other than EM or QA.
2. Be aware that the user names and passwords are sent out over the wire using a weak hashing algorithm that is easily defeated (ie, watch out for snoopers and definitely avoid the internet)
HTH,
hmscott
Hi knights,
Pls show me the way to prevent the other users seeing all database names when they logon into SQL Server. Thnks in advance!
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment