SQL Server Guest Account

Check Description

This check determines whether the SQL Guest account has access to databases (excluding master, tempdb, and msdb). All databases to which the account has access are listed in the security report.

Note: If you get the "No permissions to access database" error message, you might not have permissions to the master database.

In SQL Server, a user logon account must be authorized to access a database and its objects in one of the following ways:

Members of the db_owner or db_accessadmin database roles, or the sysadmin fixed server role, create a database user account. An account can include several parameters: the SQL Server logon ID, database user name (optional), and up to one role name (optional). The database user name does not have to be the same as the user's logon ID. If a database user name is not provided, the user's logon ID and database user name are identical. After the database user is created, it can be assigned to as many roles as necessary. If a role name is not provided, the database user is only a member of the public role.

Members of the db_owner, db_accessadmin, or sysadmin roles can also create a guest account. The guest account allows any valid SQL Server login account to access a database even without a database user account. By default, the guest account inherits any privileges that have been assigned to the public role; however, these privileges can be changed to be greater or less than that of the public role.
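
The following T-SQL is an added example, not the query this check runs: it lists the databases (excluding master, tempdb, and msdb) in which guest holds the CONNECT permission. It assumes the catalog views of SQL Server 2005 or later and a login that can enter every database; the temporary table name #guest_access is hypothetical.

```sql
-- Added example: list databases in which the guest user can connect.
-- Assumes SQL Server 2005+ catalog views; #guest_access is a hypothetical
-- scratch table. Run as a login that can enter every database.
SET NOCOUNT ON;

CREATE TABLE #guest_access (
    database_name    sysname      NOT NULL,
    permission_state nvarchar(60) NOT NULL
);

DECLARE @db sysname, @sql nvarchar(max);

DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE name NOT IN (N'master', N'tempdb', N'msdb')  -- excluded by the check
      AND state_desc = N'ONLINE'
      AND HAS_DBACCESS(name) = 1;                       -- skip databases we cannot enter

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- guest can enter a database when it holds CONNECT (type 'CO') at database
    -- scope (class 0) in state GRANT ('G') or GRANT WITH GRANT OPTION ('W').
    SET @sql = N'
        INSERT INTO #guest_access (database_name, permission_state)
        SELECT @dbname, p.state_desc
        FROM ' + QUOTENAME(@db) + N'.sys.database_permissions AS p
        JOIN ' + QUOTENAME(@db) + N'.sys.database_principals AS u
            ON u.principal_id = p.grantee_principal_id
        WHERE u.name = N''guest''
          AND p.class = 0
          AND p.type = ''CO''
          AND p.state IN (''G'', ''W'');';
    EXEC sys.sp_executesql @sql, N'@dbname sysname', @dbname = @db;

    FETCH NEXT FROM db_cursor INTO @db;
END;

CLOSE db_cursor;
DEALLOCATE db_cursor;

SELECT database_name, permission_state
FROM #guest_access
ORDER BY database_name;

DROP TABLE #guest_access;
```

Each row returned is a database that any valid login can enter through guest. Running REVOKE CONNECT FROM guest inside that database removes the access.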

Additional Information

SQL Server Security Strategies

Establishing Application Security and Application Roles 

© 2002 Microsoft Corporation. All rights reserved.