A user account retains database role assignments after you remove the user account from the "Accounts with Access to the Search Services" box on the Manage Shared Services page in SharePoint Portal Server 2003 (827854)
The information in this article applies to:
- Microsoft Office SharePoint Portal Server 2003
SYMPTOMSIn your server farm deployment of Microsoft Office
SharePoint Portal Server 2003 that is configured to use shared services, you
may find that when you remove a user account from the Accounts with
access to the Search Services box in the Direct Access to
Search Service area of the Manage Shared Services page, that user
account retains the following Microsoft SQL Server 2000 database role
assignments:
- The public role and the db_owner role on the profile
database (SiteName_PROF) and the component settings
database (SiteName_SERV) of the parent portal
site.
- The public role on the configuration database of the parent
portal site.
CAUSEWhen you add the name of one or more user accounts to the
Accounts with access to the Search Services box in the
Direct Access to Search Service area of the Manage Shared
Services page, the user account or user accounts that you specified are
assigned the following rights and database roles:
- Query rights to the index management servers and search
servers on your server farm.
- The public role and the db_owner role on the profile
database (SiteName_PROF) and the component settings
database (SiteName_SERV) of the parent portal
site.
- The public role on the configuration database of the parent
portal site.
With these rights, the user account on the child server farm
can access search and indexing resources on the parent server farm. When you
remove a user account from the list of user accounts in the Accounts
with access to the Search Services box, query rights to the index
management servers and the search servers on your server farm are removed from
the user account. However, SQL Server database role assignments are
retained. WORKAROUNDTo work around this behavior, use SQL Server Enterprise
Manager to manually remove access to the profile database
( SiteName_PROF), the component settings database
( SiteName_SERV), and the configuration database of
the parent portal site for the user account that you removed from the
Accounts with access to the Search Services box of the Manage
Shared Services page. To do so, follow these steps:
- On the server that is running SQL Server, start SQL Server
Enterprise Manager.
- Expand Microsoft SQL Servers, expand
SQL Server Group, expand (local) (Windows
NT), and then expand Security.
- Click Logins.
- In the right pane, right-click the name of the user
account, and then click Properties.
- Click the Database Access tab.
- Remove access to the profile database
(SiteName_PROF), the component settings database
(SiteName_SERV), and the configuration database of
the portal site that provides shared services. To do so, follow these steps for
each database:
- Under Specify which databases can be accessed
by this login, click the name of the database that you want to remove
access for.
- Click to clear the Permit check box
next to the name of the database, and then click
OK.
- In the right pane, right-click the name of the user
account, and then click Delete.
- Click Yes when you are prompted to confirm
that you want to remove the login.
- Quit SQL Server Enterprise Manager.
Modification Type: | Minor | Last Reviewed: | 1/9/2006 |
---|
Keywords: | kbpermissions kbDatabase kbpending kbBug KB827854 kbAudITPRO |
---|
|