Access granted to master database after altering user
Hi,
After altering an RDM user by granting the user "view" rights on two security groups the SQL Server account was granted access to the master database. There doens't appear to have been any grant/secureable added to the access.
We're using RDM 10.1.3.0
I'm not sure if we added users using previous 10.x version but I'm pretty sure we did. This did not add access to the master database in SQL Server.
Is this a bug or part of a new functionality?
For now I removed the master db access for that user (like the existing/non-changed users do not have access to the master db).
Regards,
Jan-Pieter
All Comments (3)
Hi,
I will assign this to Stefane. He will back back from the holiday vacation next Monday.
David Hervieux
Jan-Pieter,
It's a enhanced feature of RDM 10.1.x. Prior to the this version admin rights chaining didn't work. That is say "sa" (or any dbo) could create "admin-a", "admin-a" could then create "user-b" but not "admin-c". Now we might have a bug. If you're an admin you will get "ALTER ANY USER TO [user] WITH GRANT OPTION" & "ALTER ANY LOGIN TO [user] WITH GRANT OPTION" on the master DB. But regardless of admin or not you always get login privileges to master. This might actually be a bug. I will investigate when I'm back in the office on Monday.
Best regards,
Stéfane Lavergne
Jan-Pieter - fixed, non-admin users no longer get created in master. Good catch
Regards,
Stéfane Lavergne