Re: SQL Server Express
- From: Ken Allen <kendrhyd@xxxxxxxxxxxx>
- Date: Wed, 08 Feb 2006 11:25:40 -0500
Roger Wolter[MSFT] wrote:
To allow your SQL Server authenticated users to create tables, you have to GRANT them permissions to do so with the GRANT command. If all you want the user to do is create tables, you would specify:
GRANT CREATE DATABASE on DATABASE::xxx to SAM
If you want the user to do anything within that database you could try:
GRANT CONTROL on DATABASE::xxx to SAM
Yes, I am very familiar with configuring specific SQL Server accounts for access, and I am having no real problems in this area (now that I have figured out the SCHEMA topics in SQL Server 2005).
The Windows users have rights because they are administrators. There's not really a good way to block administrator access without making your database pretty hard to administer.
So any client application that connects to a SQL Server 2005 database, and especially to a SQL Express database, using "Integrated Security=SSPI" will automatically have full and unrestricted access to any and all databases, schemas, tables, and views that exist and can freely access, modify and delete not only data but the table definitions as well?
That seems to be an extreme security hole, if true, especially as SQL Express seems to have no mechanism for turning off Windows authentication -- can this be done with full SQL Server 2005? Are these restrictions specific to SQL Server Express or generally applicable to SQL Server 2005?
-ken
.
- Follow-Ups:
- Re: SQL Server Express
- From: Roger Wolter[MSFT]
- Re: SQL Server Express
- References:
- SQL Server Express
- From: Ken Allen
- Re: SQL Server Express
- From: Ken Allen
- Re: SQL Server Express
- From: Roger Wolter[MSFT]
- SQL Server Express
- Prev by Date: SQL Server Mgmt Exp - Importing Data from csv.
- Next by Date: Newbie to SQL Express
- Previous by thread: Re: SQL Server Express
- Next by thread: Re: SQL Server Express
- Index(es):
Relevant Pages
|
