Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Sql Server: How to Deny users access to linked servers

Tags:

security

sql-server

permissions

I'd like to deny access to query linked servers to a group of users. I've put them in a role and assigned certain permissions to object level permissions to the that group. I'm at a loss after searching BOL and 'net how to DENY access to linked servers.

EDIT:

I decided to break out profiler to verify exactly what SSMS is calling when displaying linked servers and ensure that a DENY was issued on that system view/SP. Turns out it calls sys.servers, but Sql Server doesn't honor the ACL on this system view -- It's does to other system views (ex: sys.dm_db_index_physical_stats).

like image 454
Chad Avatar asked Jun 28 '10 20:06

Chad

People also ask

How do I restrict access to SQL Server database?

Use SQL Server Management StudioRight-click the database to change, and then select Properties. In the Database Properties dialog box, select the Options page. From the Restrict Access option, select Single. If other users are connected to the database, an Open Connections message will appear.

Can you disable a linked server in SQL Server?

To remove a linked server, use the sp_dropserver system stored procedure. This removes a server from the list of known remote and linked servers on the local instance of SQL Server. This stored procedure accepts two arguments: the server name, and an optional argument for removing any logins associated with the server.

How do I provide access to a linked server in SQL Server?

Open SQL Server Management Studio and connect to an instance of SQL Server. In the Object Explorer, expand the node for the SQL Server database. In the Server Objects node, right-click Linked Servers and click New Linked Server. The New Linked Server dialog is displayed.

2 Answers

Here is a workaround I just thought of:

On Linked Server Properties dialog box, Properties tab; add users that you don't want to access the linked server. Then, assign them some dummy user/pass combination that will be rejected on target server.

like image 149
Miha Avatar answered Sep 24 '22 23:09

Miha

Afaik referencing a linked server is not controlled by access control lists (ACLs). In other words, you cannot GRANT/DENY/REVOKE permission to use a linked server. You can certainly control the permission to change a linked server via ALTER ANY LINKED SERVER permission.

This apparent lack of permission is because the linked servers are forwarding specific credentials to the remote server, controlled via the impersonation or the remote_logins settings associated with the linked server. The actual access control happens on the remote server, using the credentials associated with the linked server. So in order to deny a group of users access to the linked server, you need to deny that group access to the remote server on the remote server itself.

like image 20
Remus Rusanu Avatar answered Sep 26 '22 23:09

Remus Rusanu
Sign in to Comment

Related questions

How do I shrink the transaction log on MS SQL 2000 databases?
Unable to connect to SQL Server session database
Development vs Production: Connection Strings
TSQL - When to use 'not null'
High volume site using ADO.NET TransactionScope vs ExecuteCommand on NOLOCK, READ UNCOMMITTED directly?
What are the different ways to replace a cursor?
Same query uses different indexes?
SQL Management Studio Express opening SQL scripts in Notepad
Store RGB values in database
How to encrypt all existing stored procedures of a database
MySQL to SQL Server transferring data
Retrieve fields schema in Visual Studio of stored procedure which uses temp tables
Is a 3 (physical) tier architecture inefficient?
Ensure "Reasonable" queries only
SQL Server: Return uniqueidentifier from stored procedure
how to get the number on months between two dates in sql server 2005
Can I Select and Update at the same time?
Display the table name in the select statement
Tell me SQL Server Full-Text searcher is crazy, not me
Finding Caller of SQL Function

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!