Opened 5 years ago
Closed 5 years ago
Last modified 5 years ago
#933 closed defect (fixed)
SQL Server Requires Connect to all Databases on Server
|Reported by:||gluckett||Owned by:||danstoica|
Within the MapGuide Environment, SQL Server provider requires the SQL Server username to be able to connect to all databases, including "master".
This is very difficult to give a user this much power when connecting to SQL Server to an Enterprise SQL Server with a lot of live applications.
Change History (9)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
The database listing query is currently something like this (according on SQL Server Profiler):
select name from master.dbo.sysdatabases S where databasepropertyex(name, 'Status')='ONLINE' order by name collate latin1_general_bin asc
Based on (https://stackoverflow.com/questions/9506927/how-to-find-databases-which-accessible-to-me-in-sql-server), if we want to cut this off to only databases the specified login can access, then the query should actually be:
select name from master.dbo.sysdatabases S where databasepropertyex(name, 'Status')='ONLINE' and HAS_DBACCESS(name) = 1 order by name collate latin1_general_bin asc
comment:3 by , 5 years ago
Possibly related to #876
comment:4 by , 5 years ago
Yes, the user requires "connect" to all databases currently. This is not feasible for large scale SQL Server implementations.
For example, the user may only be "owner" of one database, but the the connection in Maestro or Studio fails when connecting to SQL Server since it cannot "connect" to the other databases on the server. If we can limit to only those databases the user has access to - and yes it's like Ticket #876
comment:5 by , 5 years ago
by , 5 years ago
Only enumerate databases the current user is allowed to access (using HAS_DBACCESS(name) = 1)
by , 5 years ago
v2 patch (now with unit test)
comment:6 by , 5 years ago
|Status:||new → closed|
comment:7 by , 5 years ago
Are you referring to the listing of databases that a user can connect to?