Hello Frank and Brian!
quote:
'put Guest into DB_Role db_denydatareader'And => this login still has access to master.
Right 🙂 But I was doing it as a counter-example. You have a 'valid' login but you cannot login. Hence you cannot execute your SELECT. So there, Answer nr 1 does not work.
quote:
Hans:quote:
You DO need db_datareader rights to the master database or equivalent permissions.
Brian:
you really only need access to two objects
I agree. Though my point was, mostly, that after some considerations:
quote:
(...) Or at least this is the closest right answer
The postings (by me) has so far just been to prove that Answer nr 1 should not be the right one.
Regards, Hans!
P.S
quote:
the guest user is enabled (and required) in tempdb as well. So even if you block it in master, the login still has valid access to at least one database.
Which only proves that if you have an account that enables you to log in to SS, you have access (permissions through Guest) to atleast 'master'. Therefore Answer 1 implies Answer 2.
Edited by - hanslindgren on 07/16/2003 08:07:57 AM