| Author |
Viewing Particular Databases
|
|
| Leila 2006-02-06, 11:23 am |
| Hi,
For a hosting company, I need to protect databases from unrelated logins. I
mean logins must not be able to see other databases while using SSMS. But be
able to view their own database in the list.
Any help would be greatly appreciated.
Leila
| |
| Uri Dimant 2006-02-06, 11:23 am |
| Leila
I assume you are using SQL Server 2005.
If the login has no access to the specific database , the error will ne
thrown by SQL Server
Don't forget to connect to Object Explorer with an appropriate login
Also take a loog at DENY CONNECT to..... in the BOL
"Leila" <Leilas@hotpop.com> wrote in message
news:e7bCVIzKGHA.604@TK2MSFTNGP14.phx.gbl...
> Hi,
> For a hosting company, I need to protect databases from unrelated logins.
> I
> mean logins must not be able to see other databases while using SSMS. But
> be
> able to view their own database in the list.
> Any help would be greatly appreciated.
> Leila
>
>
>
| |
| Uri Dimant 2006-02-06, 11:23 am |
| Sorry
Should be "take a look"
"Uri Dimant" <urid@iscar.co.il> wrote in message
news:%23YdfFMzKGHA.516@TK2MSFTNGP15.phx.gbl...
> Leila
> I assume you are using SQL Server 2005.
> If the login has no access to the specific database , the error will ne
> thrown by SQL Server
>
> Don't forget to connect to Object Explorer with an appropriate login
>
> Also take a loog at DENY CONNECT to..... in the BOL
>
>
>
>
>
>
>
> "Leila" <Leilas@hotpop.com> wrote in message
> news:e7bCVIzKGHA.604@TK2MSFTNGP14.phx.gbl...
>
>
| |
| Sreejith G 2006-02-06, 11:23 am |
| Create SCHEMA permissions. IF your are using Sql Server 2005 ?
GRANT permission [ ,...n ] ON
XML SCHEMA COLLECTION :: [ schema_name . ]
XML_schema_collectio
n_name
TO <database_principal> [ ,...n ]
[ WITH GRANT OPTION ]
[ AS <database_principal> ]
<database_principal> ::=
Database_user
| Database_role
| Application_role
| Database_user_mapped
_to_Windows_User
| Database_user_mapped
_to_Windows_Group
| Database_user_mapped
_to_certificate
| Database_user_mapped
_to_asymmetric_key
| Database_user_with_n
o_login
Thanks,
Sree
"Leila" wrote:
> Hi,
> For a hosting company, I need to protect databases from unrelated logins. I
> mean logins must not be able to see other databases while using SSMS. But be
> able to view their own database in the list.
> Any help would be greatly appreciated.
> Leila
>
>
>
>
| |
| Leila 2006-02-06, 11:23 am |
| Hi Uri,
Yes I'm using SQL Server 2005. Each login has a user in only one database.
The login must be able to connect, but I don't want the login to be able to
see list of other databases in the list of SSMS (except his related
database). I use the correct login when I connect to SSMS.
"Uri Dimant" <urid@iscar.co.il> wrote in message
news:%23YdfFMzKGHA.516@TK2MSFTNGP15.phx.gbl...
> Leila
> I assume you are using SQL Server 2005.
> If the login has no access to the specific database , the error will ne
> thrown by SQL Server
>
> Don't forget to connect to Object Explorer with an appropriate login
>
> Also take a loog at DENY CONNECT to..... in the BOL
>
>
>
>
>
>
>
> "Leila" <Leilas@hotpop.com> wrote in message
> news:e7bCVIzKGHA.604@TK2MSFTNGP14.phx.gbl...
>
>
| |
| Uri Dimant 2006-02-06, 11:23 am |
| Well, do you mean you don't want the user to see even a name of the
databases?
What is the problem if he/she does see the database but cannot connect to?
"Leila" <Leilas@hotpop.com> wrote in message
news:%23w14TazKGHA.720@TK2MSFTNGP14.phx.gbl...
> Hi Uri,
> Yes I'm using SQL Server 2005. Each login has a user in only one database.
> The login must be able to connect, but I don't want the login to be able
> to see list of other databases in the list of SSMS (except his related
> database). I use the correct login when I connect to SSMS.
>
>
> "Uri Dimant" <urid@iscar.co.il> wrote in message
> news:%23YdfFMzKGHA.516@TK2MSFTNGP15.phx.gbl...
>
>
| |
| Leila 2006-02-06, 11:23 am |
| The database name somehow indicates the name of domain which has been
registered by this company. It tempts hackers!!
"Uri Dimant" <urid@iscar.co.il> wrote in message
news:O$$qkdzKGHA.2064@TK2MSFTNGP09.phx.gbl...
> Well, do you mean you don't want the user to see even a name of the
> databases?
> What is the problem if he/she does see the database but cannot connect to?
>
>
>
> "Leila" <Leilas@hotpop.com> wrote in message
> news:%23w14TazKGHA.720@TK2MSFTNGP14.phx.gbl...
>
>
| |
| Sreejith G 2006-02-06, 11:23 am |
| Uri,
Seeing a DB name for eg. like "Finance" can provocate hackers ;)...
Sree :)
"Uri Dimant" wrote:
> Well, do you mean you don't want the user to see even a name of the
> databases?
> What is the problem if he/she does see the database but cannot connect to?
>
>
>
> "Leila" <Leilas@hotpop.com> wrote in message
> news:%23w14TazKGHA.720@TK2MSFTNGP14.phx.gbl...
>
>
>
| |
| Mark Williams 2006-02-06, 11:23 am |
| You could try creating non-default instances for each group of databases that
you want to keep separate. A client would only data databases in the instance
that they connect to.
--
"Leila" wrote:
> Hi,
> For a hosting company, I need to protect databases from unrelated logins. I
> mean logins must not be able to see other databases while using SSMS. But be
> able to view their own database in the list.
> Any help would be greatly appreciated.
> Leila
>
>
>
>
| |
| Leila 2006-02-06, 11:23 am |
| Hi Mark,
Do you mean I install 70 instances of SQL Server?! A hosting company might
have even more than that!
"Mark Williams" < MarkWilliams@discuss
ions.microsoft.com> wrote in message
news:63AB773A-7D7B-4BE1-9EBD- DC1D6D21E6D2@microso
ft.com...[color=darkred]
> You could try creating non-default instances for each group of databases
> that
> you want to keep separate. A client would only data databases in the
> instance
> that they connect to.
>
> --
>
> "Leila" wrote:
>
| |
| Mark Williams 2006-02-06, 8:23 pm |
| Didn't know that you were talking about that many instances.
What you are trying to do here is getting "security through obscurity." It's
a lot like wild animals that try to hide from predators by remaining
absolutely still; it doesn't work. You are trying to find a way so that each
hosting customer sees only their database when connecting. Are you also going
to try to obscure IP address ranges? DNS records?
You can't rely on "hiding" a resource as a method of securing it. The
hosting company that I use for a website hosts 20 to 30 sites on each of
their servers. When I log in, I can do an ls of the /home directory, and see
the site-names for all of the other people that are hosting their site on the
same server that my site is on. Would you consider that to be a breach of
security?
--
"Leila" wrote:
> Hi Mark,
> Do you mean I install 70 instances of SQL Server?! A hosting company might
> have even more than that!
>
>
>
> "Mark Williams" < MarkWilliams@discuss
ions.microsoft.com> wrote in message
> news:63AB773A-7D7B-4BE1-9EBD- DC1D6D21E6D2@microso
ft.com...
>
>
>
|
|
|
|