New Login - SQL Server 2005

I need to create a new login that can only see 2 Views.

I have tried everything, but when I connect to the server with MS Access or MS Excel, and sign in using that Login, I can still a bunch of views. I only want this Login to be able to run either view and not see anything else.

This is what I have done so far:

1) Created Login zzz (w/ SQL Ser Auth)

2) Set the default database to database abc (Nothing is selected in Server Roles)

3) Set User Mapping to database abc, user = zzz

4) Database roll membership is public. (It won't let me change it)

5) Added user zzz to the two Views (Granted Select only)

Now when I connect to the server from Excel

Select new database query, add new data source (connection tests successful)

When I go to select the default table I can see the two views, but I can also see a whole list of other views (all_columns, all_objects, etc..)

It looks like it's everything in the System Views Folder.(Not only can I see the other views, I can query them)

I can individually remove the Public User from each view in the System View folder and it disappears from the default table list..

Do I need to do that for each item in the system views folder? There has to be upwards of 200 views. Anyway to change them all at once?

And then there is the views listed under Information_Schema, the public user isn't setup on those.I can't find a way to get rid of these.

all_columns and all_objects are system catalogs that have catalog security, which means that the user cannot see information for objects he doesn't have access to. The user will be able to query all_columns and he will see results, but those will be results for system objects, not for your application objects. You don't need to add further restrictions, there is really no point to it, because that information is public and the user could obtain it as well by installing his own copy of SQL Server Express and making the same query.

Thanks
Laurentiu

|||I need to setup a user that people will use in conjuction with OutlookSoft, these will be financial users, not techy. I was trying to make it as simple as posiable for them. Sign in, see 2 views, pick one.

Thanks for your help.|||you could use a cursor to loop through all the views in sys.all_objects and deny select permission on all the system views except the 2 you are interested in. That would ensure that only those 2 views are visible.|||Thanks, I will give that a try.