Will there be any problems if I revoke user access to the Master and MSDB databases?
Background. My server is set up for a third-party application. It created the databases and unfortuately they use a very bad practice. They set up access using PUBLIC ROLE. So, the builtin dbo (which MUST remain) requires the use of PUBLIC ROLE for everything it does. That means that every user has access to everything unless I specifically DENY/REVOKE the permission.
They really should have created a ROLE for their application and given the permissions to their role and not the PUBLIC ROLE. But they didn't. And they also gave PUBLIC ROLE select permissions on the MASTER and MSDB databases.
I don't have a test-bed/development server, so I can't test revoking permissions. So, I'm asking for help here. In a normal SQL Server install, does PUBLIC Role have any 'builtin' permissions to the MASTER and MSDB databases?
(BTW-due to my constantly 'bugging' the vendor about this poor security issue, they are changing it with the next update).
-SQLBill
Background. My server is set up for a third-party application. It created the databases and unfortuately they use a very bad practice. They set up access using PUBLIC ROLE. So, the builtin dbo (which MUST remain) requires the use of PUBLIC ROLE for everything it does. That means that every user has access to everything unless I specifically DENY/REVOKE the permission.
They really should have created a ROLE for their application and given the permissions to their role and not the PUBLIC ROLE. But they didn't. And they also gave PUBLIC ROLE select permissions on the MASTER and MSDB databases.
I don't have a test-bed/development server, so I can't test revoking permissions. So, I'm asking for help here. In a normal SQL Server install, does PUBLIC Role have any 'builtin' permissions to the MASTER and MSDB databases?
(BTW-due to my constantly 'bugging' the vendor about this poor security issue, they are changing it with the next update).
-SQLBill
