SQL Server 2014 Permissions: CONNECT ANY DATABASE

July 30th, 2014 by Stephen Jones

In a recent blog post, "New SQL Server 2014 Permissions: CONNECT ANY DATABASE", Edward Pollack explains a new feature in SQL Server 2014, which is paraphrased here.

CONNECT ANY DATABASE is a simple server-level permission that provides access to all current and future databases. When combined with:

- VIEW SERVER STATE, a login can monitor server and database metrics via a host of dynamic management views.

- SELECT ALL USER SECURABLES, a login can view data in all databases (read-only).

Many professions have restrictions over what employees are allowed to view, for example hospitals, where HIPAA greatly influences the flow of information. CONNECT ANY DATABASE provides database-level permissions without giving any access to the objects within. This also allows for scenarios where access is granted to all databases, but only for specific tasks, such as selecting all data, updating, deleting, etc. Security scenarios that used to be cumbersome to implement are now simplified. There is no need to create users in all databases for a login, nor to assign specific database-level permissions, to ensure that a service account or monitor can do its job correctly.
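The two combinations described above, written out as T-SQL together with a check and an audit query. This is an added example, not code from the original article; the login names `monitor_svc` and `readonly_auditor` and the passwords are constructed placeholders.

```sql
-- Added example: login names and passwords are constructed placeholders.
USE master;
GO

-- Monitoring account: can connect to every current and future database
-- and read server state, but holds no permission on objects inside them.
CREATE LOGIN [monitor_svc] WITH PASSWORD = N'<replace-with-strong-password-1>';
GRANT CONNECT ANY DATABASE TO [monitor_svc];
GRANT VIEW SERVER STATE    TO [monitor_svc];

-- Read-only account: can connect to every database and SELECT from
-- user objects in all of them, without a user being created per database.
CREATE LOGIN [readonly_auditor] WITH PASSWORD = N'<replace-with-strong-password-2>';
GRANT CONNECT ANY DATABASE       TO [readonly_auditor];
GRANT SELECT ALL USER SECURABLES TO [readonly_auditor];
GO

-- Check: list the effective server-level permissions of the monitoring
-- login by impersonating it (requires IMPERSONATE on that login).
EXECUTE AS LOGIN = N'monitor_svc';
SELECT permission_name
FROM sys.fn_my_permissions(NULL, N'SERVER')
ORDER BY permission_name;
REVERT;
GO

-- Audit: every server principal that has been granted or denied one of
-- these broad permissions. Because they apply to future databases too,
-- this list is worth reviewing whenever logins or roles change.
SELECT pr.name      AS principal_name,
       pr.type_desc AS principal_type,
       pe.permission_name,
       pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class_desc = N'SERVER'
  AND pe.permission_name IN (N'CONNECT ANY DATABASE',
                             N'SELECT ALL USER SECURABLES',
                             N'VIEW SERVER STATE')
ORDER BY pr.name, pe.permission_name;
```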

For more information see (2014/07/29): http://www.sqlservercentral.com/articles/Security/111116/

