Hello again, everyone!
I know it's possible to deny users to create databases in SQL Server 2005 by
looking at the server permssions and selecting "Deny" next ot "Create
databases".
I was wondering, is there any way to deny public the ability to create
databases in SQL Server 2000? I can see where you can revoke soem options on
the database level, but not at the instance level.
Thanks in advance!> I know it's possible to deny users to create databases in SQL Server 2005
> by
> looking at the server permssions and selecting "Deny" next ot "Create
> databases".
Users do not have CREATE DATABASE permission unless you GRANT that
permission, either explicitly or by role membership. In SQL 2005, CREATE
DATABASE is implied by CREATE ANY DATABASE and ALTER ANY DATABASE.
Be mindful that DENY and REVOKE are different things. DENY prevents a
previously granted permission from being inherited. When both GRANT and
DENY permissions are present, DENY takes precedence. REVOKE removes all
previous GRANTs and DENYs on the principal so the result is no permissions.
It's usually best to use only GRANTs unless you have a specific reason to do
otherwise.
Hope this helps.
Dan Guzman
SQL Server MVP
"Adam St. Pierre" <AdamStPierre@.discussions.microsoft.com> wrote in message
news:DF656F09-EC02-4C4E-9785-C255CC075706@.microsoft.com...
> Hello again, everyone!
> I know it's possible to deny users to create databases in SQL Server 2005
> by
> looking at the server permssions and selecting "Deny" next ot "Create
> databases".
> I was wondering, is there any way to deny public the ability to create
> databases in SQL Server 2000? I can see where you can revoke soem options
> on
> the database level, but not at the instance level.
> Thanks in advance!|||Thank you, Dan.
As I didn't set up this 2000 instance, some else must have granted
permission. And correct me if I'm wrong, but didn't the default install of
2000 grant permission to everyone, and it's 2005 that you have to grant that
permission explicitly?
And my apologies for my poor choice of wording. I didn't mean "Revoke" as in
the permission setting - I meant the verb, as in to take away. "Deny" would
have been a more descriptive word choice. :D
- Adam
"Dan Guzman" wrote:
> Users do not have CREATE DATABASE permission unless you GRANT that
> permission, either explicitly or by role membership. In SQL 2005, CREATE
> DATABASE is implied by CREATE ANY DATABASE and ALTER ANY DATABASE.
> Be mindful that DENY and REVOKE are different things. DENY prevents a
> previously granted permission from being inherited. When both GRANT and
> DENY permissions are present, DENY takes precedence. REVOKE removes all
> previous GRANTs and DENYs on the principal so the result is no permissions
.
> It's usually best to use only GRANTs unless you have a specific reason to
do
> otherwise.
>
> --
> Hope this helps.
> Dan Guzman
> SQL Server MVP|||> And correct me if I'm wrong, but didn't the default install of
> 2000 grant permission to everyone, and it's 2005 that you have to grant
> that
> permission explicitly?
In SQL 2000, only sysadmin and dbcreator role members have CREATE DATABASE
permission by default.
> And my apologies for my poor choice of wording. I didn't mean "Revoke" as
> in
> the permission setting - I meant the verb, as in to take away. "Deny"
> would
> have been a more descriptive word choice.
Gotcha.
Hope this helps.
Dan Guzman
SQL Server MVP
"Adam St. Pierre" <AdamStPierre@.discussions.microsoft.com> wrote in message
news:8634A52A-D30A-4310-BBD8-6FC2CA316E06@.microsoft.com...[vbcol=seagreen]
> Thank you, Dan.
> As I didn't set up this 2000 instance, some else must have granted
> permission. And correct me if I'm wrong, but didn't the default install of
> 2000 grant permission to everyone, and it's 2005 that you have to grant
> that
> permission explicitly?
> And my apologies for my poor choice of wording. I didn't mean "Revoke" as
> in
> the permission setting - I meant the verb, as in to take away. "Deny"
> would
> have been a more descriptive word choice. :D
> - Adam
>
> "Dan Guzman" wrote:
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment