INF: Restricting Access to Master Database in SQL Server (75291)


The information in this article applies to:

  • Microsoft SQL Server 4.2x
  • Microsoft SQL Server 6.0
  • Microsoft SQL Server 6.5
  • Microsoft SQL Server 7.0
  • Microsoft SQL Server 7.0 Service Pack 1
This article was previously published under Q75291
The GUEST username in the master database is necessary for users (other than the system administrator) to log in and should not be removed. If it is removed, a user who does not have an account in the master database can no longer log in to the server. This is the case even if the user has an account in a default database other than the master.

Because the GUEST username should not be removed, there is no way to physically restrict users from the master database. That is, they can still execute the USE MASTER command. However, if the users do not have an account in the master database, they are given access under the GUEST username. To restrict users from accessing or viewing objects, revoke privileges such as SELECT and EXECUTE from the PUBLIC group, of which GUEST is a member.
Modification Type:MinorLast Reviewed:2/14/2005
Keywords:kbother KB75291
©2004 Microsoft Corporation. All rights reserved.