Updated specific locations to be searchable, take a look at Las Vegas as an example.

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

3
SharePoint Sql STIG sillyness
Post Body

TL;DR: anyone have a good source I can give to DBA breaking SQL for SP or a list of everything SP uses the 'public' server role for?

So feel like I just stepped out of a time machine... but anyone have some cliff notes/good links (short of opening a MS ticket) how the SQL STIG breaks SharePoint... (working with an overzealous DBA).

Specifically: what are explict permissions and/or extended properties SP requires through the PUBLIC role requires across the instance and/or to the master.

Believe these are the rules they are running with:

https://www.stigviewer.com/stig/microsoft_sql_server_2012_database/2014-06-23/finding/V-41398

https://www.stigviewer.com/stig/microsoft_sql_server_2012_database_instance/2018-02-27/finding/V-41044

https://www.stigviewer.com/stig/microsoft_sql_server_2005_database/2015-06-16/finding/V-2458 (old and shouldn't be, I know)

https://www.stigviewer.com/stig/microsoft_sql_server_2005_database/2015-06-16/finding/V-2498 (old and shouldn't be, I know)

https://www.stigviewer.com/stig/microsoft_sql_server_2005_database/2015-06-16/finding/V-3727

https://www.stigviewer.com/stig/microsoft_sql_server_2012_database_instance/2018-02-27/finding/V-40916

...ie sitgs: public mean public so lock down the public role | me: but sp needs that for randomly alllll the things

I.e. excerpts of attempting a mount [side eye frowny face]:

Database 'master' on SQL Server instance 'instancename' is not empty and does not match current database schema.

...

ConnectionString: 'Data Source=databasename;Initial Catalog=master;Integrated Security=True;Pooling=True' Partition: NULL ConnectionState: Open ConnectionTimeout: 15

...

System.Data.SqlClient.SqlException (0x80131904): User does not have permission to perform this action. Grantor does not have GRANT permission.

Links I already have:

https://docs.microsoft.com/en-us/sharepoint/install/account-permissions-and-security-settings-in-sharepoint-2013#setup-user-administrator-account

https://social.technet.microsoft.com/Forums/sharepoint/en-US/e109543b-14ad-4ea0-af4b-bdd16398e78c/sharepoint-2010-with-sql-server-lockdown-where-all-permissions-have-been-revoked-from-public-sql @ /u/trevorishere :D

...inb4 open a ticket

Author
Account Strength
100%
Account Age
11 years
Verified Email
Yes
Verified Flair
No
Total Karma
12,339
Link Karma
1,373
Comment Karma
10,666
Profile updated: 5 days ago
Posts updated: 3 months ago
Megatwan

Subreddit

r/sharepoint

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
5 years ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/sharepoint/...