how its possible to see 'sa' login in connection with login which have only granted to read some views? Probably cant to edit anything, but can see. And also can see list of databases, but cant to open. All in SQL Management Studio. Login just created by:
create login YourTpvLogin with password = 'enter new password here'
go
create user YourTpvUser for login YourTpvLogin
go
grant select on YourView to YourTpvUser
Thank you for explanation or way how to fix it.
Ok... First of all Every SQL Server login belongs to the public server role. Next - The public server role is granted VIEW ANY DATABASE permission which means that a login that is granted this permission can see metadata that describes all databases including master database which in turn records all the system-level information for a SQL Server system including information about SQL server logins and sa login of course is not an exception.
So... any new login can see all databases and logins but can't modify them.
Possible "solution" for hiding databases is to deny a login the VIEW ANY DATABASE permission.
To limit visibility to database metadata, deny a login the VIEW ANY DATABASE permission. After this permission is denied, a login can see only metadata for master, tempdb, and databases that the login owns.
And... you can't completely hide the sa login because every login must be able to read server's metadata from the master database.