MSSQL public role

[Fabio_Martinelli]

Is safe to disable VIEW ANY DATABASE permission in the public role?

I do not want SQL users to see all databases in the server.

https://technet.microsoft.com/en-us//library/ms189077(v=sql.105).aspx

Thank you

 

[IgorG]

I could understand that you are facing issue with MSSQL database user which can see all other databases present inside the server. Please note that this is default behavior of MSSQL. When a database user is created in MSSQL database, the user will be having permission to view all other databases present in the same server. This permission is called VIEW ANY DATABASE. It is server-level permission. A login that is granted this permission can see metadata that describes all databases, regardless of whether the login owns or can actually use a particular database.
By default, the VIEW ANY DATABASE permission is granted to the public role. Therefore, by default, every user that connects to an instance of SQL Server can see all databases in the instance.
http://msdn.microsoft.com/en-us/library/ms189077(v=sql.105).aspx
http://msdn.microsoft.com/en-us/library/ms189077(v=sql.105).aspx

So if you need to deny the permission, you need to deny the server level permission. For more detail, please refer the link given below.

http://msdn.microsoft.com/en-us/library/ms182763(v=sql.105).aspx

After this permission is denied, a login can see only metadata for master, tempdb, and databases that the login owns.

 

[Fabio_Martinelli]

To do that the user login created by Plesk should be part of DBO schema?

Denying VIEW ANY DATABASE permission everything is gone, including the database the user should access. But it seems the user created by Plesk is not the databases owner.

Is there somewhere to configure default permissions?