Re: SQL Server Express

These are true if the Windows user is an administrator for any database -
and any file for that matter. The same thing is true if you are a root user
on Unix. Administrators generally have permissions to access anything on
the system. The thing that makes Express unique is that it often runs on
the user's desktop so it the user is an administrator on his box, he has
admin rights to SQL Express. Even if you remove the Windows login
capabilities, the administrator has the permissions required to access the
files directly.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Ken Allen" <kendrhyd@xxxxxxxxxxxx> wrote in message
news:%23Sz8uvMLGHA.2416@xxxxxxxxxxxxxxxxxxxxxxx
Roger Wolter[MSFT] wrote:
To allow your SQL Server authenticated users to create tables, you have
to GRANT them permissions to do so with the GRANT command. If all you
want the user to do is create tables, you would specify:
GRANT CREATE DATABASE on DATABASE::xxx to SAM
If you want the user to do anything within that database you could try:
GRANT CONTROL on DATABASE::xxx to SAM

Yes, I am very familiar with configuring specific SQL Server accounts for
access, and I am having no real problems in this area (now that I have
figured out the SCHEMA topics in SQL Server 2005).

The Windows users have rights because they are administrators. There's
not really a good way to block administrator access without making your
database pretty hard to administer.

So any client application that connects to a SQL Server 2005 database, and
especially to a SQL Express database, using "Integrated Security=SSPI"
will automatically have full and unrestricted access to any and all
databases, schemas, tables, and views that exist and can freely access,
modify and delete not only data but the table definitions as well?

That seems to be an extreme security hole, if true, especially as SQL
Express seems to have no mechanism for turning off Windows
authentication -- can this be done with full SQL Server 2005? Are these
restrictions specific to SQL Server Express or generally applicable to SQL
Server 2005?

-ken


.

Relevant Pages

  • Re: Error trying to connect to Access Database
    ... windows admin userid and password. ... your database isn't updatable because of the permissions issue. ... Are you the administrator of the server where the ASP is running? ... I do not know what else to do, and I am trying to get a web site done. ...
    (microsoft.public.access.gettingstarted)
  • Re: Saving WSS site prior to upgrading SQL Server 2005 Express to Standard/Enterprise
    ... Your backup is from a different version of Windows SharePoint Services and ... SQL Server 2005 is available. ... The advantages of the embedded version ("Windows Internal Database") over ...
    (microsoft.public.sharepoint.windowsservices)
  • IIS / SQL Server impersonation
    ... I am attempting to implement impersonation from a windows application ... I have configured the host virtual directory in IIS to require windows ... the database permits Windows Authentication. ... When I try and open a connection to SQL Server: ...
    (microsoft.public.dotnet.security)
  • Re: SharePoint Portal search is not working after changing admin paasw
    ... Just a thought but it could be the access account to the actual SQL server. ... Query on SQL and see if it lets you in as the Administrator. ... > Verified Password for services on our Database Server ...
    (microsoft.public.sharepoint.portalserver)
  • Re: User setup problem.
    ... login permissions for SQL Server. ... have access to SQL Server and the database through their ... windows group role membership which has the permissions.. ...
    (microsoft.public.sqlserver.security)