SQL Server windows authenticated user seeing all objects in ArcCatalog

1267
6
02-23-2017 09:21 AM
ScottNoldy
New Contributor III

Details:
SQL Server 2014, 10.4.1 geodatabase.

I am the admin of the geodatabase (SDE user created, not dbo) using a SQL Server login.

When I connect via ArcCatalog I see all the feature classes, relationship classes and sde tables.

Most of these objects are registered as versioned.

I added a windows group to the database in SQL Server with nothing but the public role and went through, via ArcCatalog, and granted them permissions to all these objects.  When a user in that group connects they're seeing all the _evw views from the versioned datasets along with everything I can see above.

What did I do wrong that they can see all these objects in Catalog?

0 Kudos
6 Replies
George_Thompson
Esri Frequent Contributor

Did you only give them "Public" under the Server roles?

What are their permissions in the database for the User Mapping?

Geodatabase

--- George T.
0 Kudos
ScottNoldy
New Contributor III

Yes, I only gave them public when adding to the database.

I actually didn't give it to them, that's the default that you can't unselect.

0 Kudos
ManviLather1
Occasional Contributor

Hello,

In SQL Server management studio,

Right click on the database -> properties -> permissions -> select the user-> click on effective and check the permissions granted to the user.

Also, please have a look at the below links:

http://desktop.arcgis.com/en/arcmap/10.4/manage-data/gdbs-in-sql-server/privileges-sqlserver.htm

http://desktop.arcgis.com/en/arcmap/10.4/manage-data/gdbs-in-oracle/grant-dataset-privileges.htm

0 Kudos
ScottNoldy
New Contributor III

It's a windows group so it's not possible to get effective permissions.

I used the change privileges tool to grant permissions to the windows group via arccatalog.

No permissions were granted via SQL Server.

0 Kudos
ManviLather1
Occasional Contributor

Check if group have "select" permission

0 Kudos
ScottNoldy
New Contributor III

No,connect is the only thing selected in the database permissions list.

0 Kudos