I create a login in SQL Server 2008 R2, and when that user connects to a database, it can see all the logins in the security logins. Can I deny access to watch the logins of the database?
Sql-server – How to deny access to see the logins in a database
permissionssql serversql-server-2008-r2
Related Question
- Sql-server – DENY access to EXEC for a role
- Sql-server – Grant access to all objects (with a few exceptions) to a role
- Azure SQL Database – How to Create a Second Login and Deny Access
- Sql-server – Deny user to see any database through DB_NAME()
- Sql-server – How to give an existing server login access to an attached/migrated database
- Sql-server – Cross database reference select access with disabled login for DB user
- SQL Server Permissions – Easily Grant Access to Users After Database Creation
- SQL Server Permissions – Why Users Without Login Have Access
Best Answer
Either if it's a Windows or SQL login, then by default, if it has only the PUBLIC role, won't be able to see anything except SA and himself. No other login (Windows or SQL) on the machine will be visible, if he hasn't some other server permissions.
Example for that behavior (both test logins have only the Public role):
![the Sysadmin login](https://i.stack.imgur.com/CgXP3.png)
So, if a login can see more than himself, it must've had some privileges assigned. It should be in the login properties.
Some other easy way to see it is by scripting the login: right click -> script login as - create to - and see if it has any server role assigned to it (role assignments are at the end of the script).