July 30, 2010
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Subject: Public roles in sql server 2000
ReshadIT (guest)

09/30/2008 3:42 PM
Chip:

I have created a role in a Northwind database and added a login including the user in the database. I have granted INSERT, UPDATE, DELETE to all the 'U' xtype objects defined in sysobjects (all user tables, basically). I have added the user to the database role I have created to inherit all these permissions, and decided to test if I can execute the CustOrderHist stored procedure in Northwind without giving explicit exec rights to do so. Sure enough it worked, which I have looked up on BOL and found that public role defaults to exec all system stored procedures and will not do so unless the user is in the role. I am puzzled on why user stored procedures are able to do so. Worse, I took the user out of the database role and am STILL able to exec the stored procedure. Why Chip? Why? Why? Why?

Reshad
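
One way to check where an EXECUTE permission on CustOrderHist comes from, written for SQL Server 2000 system tables. This is an added example, not part of the original post; the user name `TestUser` is a placeholder for the database user under test.

```sql
USE Northwind
GO

-- Placeholder (assumption): the database user whose access is being tested.
DECLARE @user sysname
SET @user = 'TestUser'

-- 1. Every permission recorded on the procedure, with grantee and grantor.
EXEC sp_helprotect @name = 'CustOrderHist'

-- 2. Roles the user currently belongs to (public is implicit and not listed).
SELECT r.name AS role_name
FROM   sysmembers m
JOIN   sysusers   r ON r.uid = m.groupuid
WHERE  m.memberuid = USER_ID(@user)

-- 3. EXECUTE entries on the procedure that apply to the user:
--    granted directly, granted to public, or granted to one of the user's roles.
SELECT g.name AS grantee,
       CASE p.protecttype
            WHEN 204 THEN 'GRANT WITH GRANT OPTION'
            WHEN 205 THEN 'GRANT'
            WHEN 206 THEN 'DENY'
       END    AS permission_state,
       CASE
            WHEN p.uid = USER_ID(@user)    THEN 'direct'
            WHEN p.uid = USER_ID('public') THEN 'via public'
            ELSE 'via role membership'
       END    AS applies_through
FROM   sysprotects p
JOIN   sysusers    g ON g.uid = p.uid
WHERE  p.id     = OBJECT_ID('CustOrderHist')
  AND  p.action = 224                      -- 224 = EXECUTE
  AND ( p.uid = USER_ID(@user)
     OR p.uid = USER_ID('public')
     OR p.uid IN (SELECT m.groupuid
                  FROM   sysmembers m
                  WHERE  m.memberuid = USER_ID(@user)) )
```

A row marked `via public` in the last result applies to every user in the database, regardless of membership in any user-defined role.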


Copyright 1999 by Chip Andrews