Microsoft KB Archive/935997

= A user who is not a member of a required role can still connect to a SQL Server 2005 database after you set the user access option for the database to RESTRICTED_USER =

Article ID: 935997

Article Last Modified on 11/20/2007

-

APPLIES TO


 * Microsoft SQL Server 2005 Standard Edition
 * Microsoft SQL Server 2005 Standard X64 Edition
 * Microsoft SQL Server 2005 Standard Edition for Itanium-based Systems
 * Microsoft SQL Server 2005 Developer Edition
 * Microsoft SQL Server 2005 Enterprise Edition
 * Microsoft SQL Server 2005 Enterprise X64 Edition
 * Microsoft SQL Server 2005 Enterprise Edition for Itanium-based Systems
 * Microsoft SQL Server 2005 Workgroup Edition
 * Microsoft SQL Server 2005 Express Edition
 * Microsoft SQL Server 2005 Express Edition with Advanced Services

-



SYMPTOMS
A user who is not a member of a required role can still connect to a Microsoft SQL Server 2005 database after you set the user access option for the database to RESTRICTED_USER.

Consider the following scenario:
 * A user connects to a SQL Server 2005 database.
 * The user is not a member of the following roles:
 * The db_owner fixed database role
 * The dbcreator fixed database role
 * The sysadmin fixed server role
 * You set the user access option for the database to RESTRICTED_USER.

In this scenario, the user who has already connected to the database can connect to the database again. This issue occurs even though the database is now set to refuse access to a user who is not a member of the previously listed roles.



RESOLUTION
To resolve this issue, run the following statement against the database after you set the user access option: DBCC FREESYSTEMCACHE ('TokenAndPermUserStore')



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbtshoot kbprb kbexpertiseadvanced kbsql2005engine KB935997

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.