Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How To Limit Email To database Users 2

Status
Not open for further replies.
Skittle

Skittle

ISP
Sep 10, 2002
1,528
US
How can I limit users from executing email tasks?

If I create a database and add a set of users to it, how can I prevent those users from issuing commands that send emails via msdb.dbo.sp_send_dbmail?



Dazed and confused
 
Sort by date Sort by votes
By not setting up a public mail profile and not granting them rights to the private mail profiles.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

My Blog
 
Upvote 0 Downvote
I am little confused about this.

I thought you could only allocate msdb users to a private email profile. If this is the case, how can a user who is a member of a different database ( i.e. not a member of msdb ) use a profile?





Dazed and confused
 
Upvote 0 Downvote
My understanding is that if a user/group is *not* a member of DatabaseMailRoleUser in msdb, or does not have explicit permissions to execute the sp_send_dbmail proc, or otherwise have sysadmin privs, they can't send mail anyways - regardless if the profile is public or private.

(although private profiles enable you to limit who can send mail)
 
Upvote 0 Downvote
Yess... I think I agree. The msdb user must be a member of DatabaseMailRoleUser to end email uner any circumstances but if the user is connected to database XYZ instead of msdb and the user does not even have a login mapped to msdb, where is the link enabling the user to send email via a profile?

I'm pretty sure I've done this but the more I think about it the more confused I get about how it actually works.



Dazed and confused
 
Upvote 0 Downvote
It doesn't matter which database a user is connected to. Just forget about that part.

What matters is if the user has permissions to send mail. The way a user gets permission to send mail is:

1.) They are mapped to msdb (either individually or via group login) AND are a member of DatabaseMailUserRole

2.) They have been explicitly GRANTED execute sp_send_dbmail permission (I don't think msdb mapping matters here)

3.) Is a sysadmin


 
Upvote 0 Downvote
Although MrDenny summed it up - you can prevent users from sending mail by using a private profile and NOT granting them use of the private profile.

This will override any msdb permissions anyways.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CodeWell
  • Locked
  • Question
SQL Server 2017 Install Issue - Database Not in Configuration Manager
Replies
0
Views
243
CodeWell
CodeWell
bethabernathy
  • Locked
  • Question
Front End Access 365 Database dsn Connection Fails when attempting to link to 2016 SQL server
Replies
1
Views
196
dhookom
dhookom
torquinian
  • Locked
  • Question
Error 0x80131904 when trying to connect to database
Replies
0
Views
174
torquinian
torquinian
dgillz
  • Locked
  • Question
SQL View not available to Excel Power Query
Replies
1
Views
195
dgillz
dgillz
baran121
  • Locked
  • Question
take a database from system databse place
Replies
2
Views
198
iambob
iambob

Part and Inventory Search

Sponsor

Back
Top