A privileges granted to a user for enterprise geodatabase layer,

1513
20
08-06-2014 01:23 PM
Highlighted
Honored Contributor

A privileges granted to a user for enterprise geodatabase layer,

I couldn’t figure out how a user can “see” layers stored in enterprise geodatabase while this user is not granted any privileges.

  1. The access type of the enterprise geodatabase (Q.mdf) is “public”

Clip_108.jpg

  1. The “Ali” user is not given any privileges to the “communities” layer

Clip_109.jpg

  1. Nevertheless, “Ali” can see the “communities” layer (as the “Q” enterprise database is accessed by Ali)

Clip_110.jpg

What might be the issue here?

How Could Ali access the “communities” layer while he has not given any privileges to it?

Thank you

Best

Jamal

Reply
0 Kudos
20 Replies
Highlighted
New Contributor II

Jamal,

Did you ever figure this out?  I am experiencing a similar problem.

Thank you,

Sharon

Reply
0 Kudos
Highlighted
Esri Esteemed Contributor

Check that the user is not granted db_owner privileges using SQL Server Management Studio.  Or, you can create a feature class when connected as the 'ali' user.  If the owner of the feature class is DBO, then this user has db_owner privileges.

Reply
0 Kudos
Highlighted
New Contributor II

No, not db_owner.  Any other suggestions?

Reply
0 Kudos
Highlighted
Regular Contributor III

Is it a database login or a Windows Authenticated login that you are using?

Is the login part of any Group? ?

Also as Sol suggested, can you please confirm what permissions this login has?

Reply
0 Kudos
Highlighted
Honored Contributor

Hi all,

Let’s take another example

  1. This is the current situation for the “Q” database

Clip_640.jpg

Clip_641.jpg

  1. “Hasan” is added as a user to the “Q’ database

Clip_642.jpg

Clip_643.jpg

Clip_644.jpg

Clip_645.jpg

cont....

Reply
0 Kudos
Highlighted
Honored Contributor
  1. Without granting “Hasan” any privileges to any layer, Hasan is able to “see” all the layers stored in the “Q” database

Clip_646.jpg

Clip_647.jpg

Clip_648.jpg

What might be the issue here? Is this a normal behavior?

How Hassan can see all the layers stored in the “Q” despite the fact that he is not granted any privileges to any layer?

Reply
0 Kudos
Highlighted
Regular Contributor III

When you are using the "Create Database User" tool,  certain permissions are automatically granted to the new login.

ArcGIS Help 10.1

CREATE TABLE

CREATE PROCEDURE

CREATE VIEW

VIEW DEFINITION

However, the above 4 permissions should not automatically allow the new login to preview any existing data.

-----

Try creating the new login from the database end,Map it to the database and check if the behaviour is still reproduced.

Reply
0 Kudos
Highlighted
Honored Contributor

Thanks Asrujit,

The “add database user” tool enables the user to access the database itself (Q) but not any of its content (layers). This user still needs to be granted permissions at the level of each layer stored in the database to be able to access them.

Am I correct?

In the current behavior, the database user doesn’t need to be granted particular privileges to access the layers stored in the database!

Clip_655.jpg

Clip_656.jpg

Clip_657.jpg

Clip_658.jpg

Reply
0 Kudos
Highlighted
Regular Contributor III

Yes, you are right. Permissions\privileges have to be granted separately for previewing the layers.

Did  you try creating a new login at the database end and then mapping it to the database? Did it show the same behaviour?

Reply
0 Kudos