Remove the right of the guest user to connect to SQL Server databases, except for master msdb tempdb and, on AWS RDS instances, rdsadmin A login assumes the identity of the guest user when a login has access to SQL Server but does not have access to a database through its own account and the database has a guest user account. Revoking the CONNECT permission for the guest user will ensure that a login is not able to access database information without explicit access to do so.
Solution
The following code snippet revokes CONNECT permissions from the guest user in a database. Replace <database_name> as appropriate: USE <database_name>; GO REVOKE CONNECT FROM guest; Impact: When CONNECT permission to the guest user is revoked, a SQL Server instance login must be mapped to a database user explicitly in order to have access to the database.