When a new login is created in SQL Server it automatically defaults database to master.
We do not give permissions in master (systemdb) but in our user DB (CustomersDB) with db_datareader and db_datawriter.
We save the account.
Then a user is able to connect, why? Does this have to do with public permissions in master?
Best Answer
All logins exist in the master database. Why it is default is probably related to this, but you can change the default database to your user database if you wanted to. The default being master simply means they have to explicitly set the user database in the connection string for the application.
The default database has nothing to do on why the logon can connect to the instance. This comes from being granted connection privileges to the instance. This is done by default when using SSMS to create the login.
Additional Info
Public role is granted connect permissions and any login created is automatically part of that role.
The only permissions granted for every endpoint is Connect. The only thing they get at the server level is
view any database
.You actually cannot remove a login from the public role either, SQL Server does not let you because it is hard coded in there somewhere. You will most security standards for things like HIPPA or DoD (STIGs) want you to simply harden what the public role can do at the server level and within each database. See "INF: SQL Security - Restricting access to public..." for a bit more information on it all.
Creating a login straight from GUI or from just
CREATE LOGIN
and you will automatically see these permissions at the server level: