SQL Server Performance Forum – Threads Archive
usuario guest
El Baseline Security Analyzer recomienda eliminar los usuarios guest de las bases de datos, con excepción de la master.Pero cuando se instala Replicación el usuario guest es agregado a la base de datos distribution.
¿Se puede eliminar guest de Distribution o es necesario para el correcto funcionamiento de la replicacion? Saludos
Esto es lo que encontré.<br />Parece ser que si en la lista PAL se encuentran agregados los usuarios con permisos, entonces el Guest no es necesario.<br /><br />Publication Access Lists<br /> New Information – SQL Server 2000 SP3.<br /><br />When you create a publication, Microsoft® SQL Serverâ„¢ 2000 creates a publication access list (PAL) for the publication. The PAL contains a list of logins that are granted access to the publication. The logins included in the PAL are members in the sysadmin fixed server role and the current login.<br /><br /><br /><br />Note A new role is created in SQL Server 2000 Service Pack 3 for use by merge replication. The name of the new role is in the form MSmerge <<img src=’/community/emoticons/emotion-4.gif’ alt=’;p’ />ublication ID>. The role is created on the Publisher for each merge replication publication and acts as the PAL to control access to merge publications on the Publisher. For information on creating this role if it has been removed from the Publisher, see sp_createmergepalrole.<br /><br /><br />The PAL functions similarly to a Microsoft Windows® 2000 access control list. When a user or replication agent attempts to log in to a Publisher, SQL Server 2000 first checks to see if the login is in the PAL. If you must further expand or restrict access to a publication, you can add or delete logins in the PAL using SQL Server Enterprise Manager or the sp_grant_publication_access and sp_revoke_publication_access stored procedures.<br /><br />A snapshot, transactional, or merge publication may be secured with a PAL through SQL Server Enterprise Manager or programmatically.<br /><br /><br /><br />Note A replication agent login for the Publisher and Distributor must exist in the PAL before it can access the publication. The user login must also exist in the publication database or the database must allow guest users. If you are using a remote Distributor, the logins must exist at both the Publisher and the Distributor before it can be added to the PAL. Because the replication agents run under SQL Server Agent, the account under which SQL Server Agent runs on a Windows platform must be in the PAL.<br /><br /><br />If you have a large number of user logins to add to the PAL, consider making them all members of a single Windows 2000 group and then adding the Windows 2000 group to the PAL.<br /><br /><br /><br />Luis Martin<br />Moderator<br />SQL-Server-Performance.com<br /><br /><font size="1">One of the symptoms of an approaching nervous breakdown is the belief that one’s work is terribly important<br />Bertrand Russell<br /></font id="size1"><br /><br /><font size="1">All postings are provided “AS IS†with no warranties for accuracy.</font id="size1"><br /><br /><br /><br />
Muy completo,
Muchas gracias
]]>