Managing Security - Logins and Server Roles 
Ram Kedem
Copyright 2014 © Ram Kedem. All rights reserved. Not to be reproduced without written consent 
Principals 
•Principals are entities that can request SQL Server resources. 
•Like other components of the SQL Server authorization model, principals can be arranged in a hierarchy. 
•The scope of influence of a principal depends on the scope of the definition of the principal: 
•Windows 
•Server 
•Database
Principals 
•Windows-level principals 
•Windows Domain Login 
•Windows Local Login 
•SQL Server-level principals 
•SQL Server Login 
•Server Role 
•Database-level principals 
•Database User 
•Database Role 
•Application Role
Securables 
•Securables are the resources to which the SQL Server Database Engine authorization system regulates access. 
•The securable scopes are server, database, and schema.
Securables 
•Server Level 
•Endpoint 
•Database 
•Database Level 
•User 
•Database role 
•Application role 
•Schema 
•Schema Level 
•Function 
•Procedure 
•Table 
•View
SQL Logins 
•Logins are the credentials that authenticate connections to an instance. 
•You can differentiate SQL Server logins based on the type of authentication method used: 
•Windows-authenticated login 
•SQL Server–authenticated login 
•Certificate 
•Asymmetric key
Windows-Authenticated SQL Server Logins 
•Windows-authenticated SQL Server logins are instance logins in which the operating system handles authentication. 
•You can map a Windows-authenticated SQL Server login to a local user account, a local security group, a domain user account, or a domain security group. 
•The type of authentication you use depends on your organization’s needs. Controlling access by using local computer-based or domain-based groups can reduce the number of SQL logins required but requires giving database administrators the ability to manage membership of these groups.
SQL Server–Authenticated Logins 
•SQL Server–authenticated logins are authenticated by the Database Engine instance rather than through the host operating system or a domain controller. 
•SQL Server–authenticated login passwords are stored within the master database. 
•If the SQL Server authentication option button is disabled, you must configure the instance to support mixed-mode authentication. 
•You can create a SQL Server–authenticated login so that it enforces the password expiration and complexity policies that apply to the host operating system. 
•Windows Server 2008: Start > Administrative Tools > Local Security Policy.
Creating Users - General
Creating Users - Server Roles
Creating Users - User Mapping
Creating Users - Securables
Fixed Server-Level Roles 
•sysadmin - Members can perform all activities possible on the Database Engine instance. You specify the initial membership of this role when installing the Database Engine feature. 
•serveradmin - Members of the serveradmin fixed server role can change server-wide configuration options and shut down the server (creating new logins, for example, is not possible). 
•securityadmin - Members of the securityadmin fixed server role manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions if they have access to a database. Additionally, they can reset passwords for SQL Server logins. 
•processadmin - Members of the processadmin fixed server role can end processes that are running in an instance of SQL Server. 
•setupadmin - Members of the setupadmin fixed server role can add and remove linked servers. 
•bulkadmin - Members of the bulkadmin fixed server role can run the BULK INSERT statement.
Fixed Server-Level Roles 
•diskadmin - The diskadmin fixed server role is used for managing disk files. 
•dbcreator - Members of the dbcreator fixed server role can create, alter, drop, and restore any database. 
•public - Every SQL Server login belongs to the public server role. When a server principal has not been granted or denied specific permissions on a securable object, the principal inherits the permissions granted to public on that object. Only assign public permissions on an object when you want the object to be available to all users. You cannot change membership in public.
Altering Existing Logins 
•You can alter existing logins using SQL Server Management Studio to edit the properties of the login. You can also alter existing logins by using the ALTER LOGIN Transact-SQL statement.
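The following T-SQL is an added example (not code from the original slides) that ties together the two preceding points: creating a SQL Server-authenticated login that enforces the host's password policy, altering it with ALTER LOGIN, and checking from the catalog which SQL logins still bypass those checks. The login name and the password are constructed placeholders.

```sql
-- Added example, not part of the original deck. Login name and password
-- are constructed placeholders.
USE master;
GO

-- CHECK_POLICY applies the Windows complexity/lockout policy,
-- CHECK_EXPIRATION applies the Windows expiration policy, and
-- MUST_CHANGE forces a new password at the first connection.
-- MUST_CHANGE requires both checks to be ON.
CREATE LOGIN [app_reporting]
    WITH PASSWORD = 'Replace-With-A-Strong-Passphrase-1!' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON,
         DEFAULT_DATABASE = [master];
GO

-- Tighten an existing login that was created without policy checks.
ALTER LOGIN [app_reporting] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
GO

-- Suspend and later restore access without touching database user mappings.
ALTER LOGIN [app_reporting] DISABLE;
GO
ALTER LOGIN [app_reporting] ENABLE;
GO

-- Review: which SQL-authenticated logins bypass policy or expiration checks?
-- sys.sql_logins exposes the policy flags in addition to the
-- sys.server_principals columns.
SELECT name, is_policy_checked, is_expiration_checked, is_disabled
FROM sys.sql_logins
WHERE is_policy_checked = 0 OR is_expiration_checked = 0
ORDER BY name;
GO
```

The final query is the check worth scheduling: a login created with CHECK_POLICY = OFF keeps whatever password it was given for as long as it exists, so the list should normally be empty or consist only of documented exceptions.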
Login-Related Catalog Views 
SELECT *
FROM sys.server_principals;

SELECT type_desc, COUNT(*)
FROM sys.server_principals
GROUP BY type_desc;
Removing Logins 
•You can remove a login by using SQL Server Management Studio: right-click the login and click Delete. 
•You can also remove a login by using the DROP LOGIN Transact-SQL statement. 
•You cannot drop a login while that login has an active connection to the database instance. 
•You cannot drop a login that owns a SQL Server Agent job, a server-level object, or a securable.
Removing Logins 
•Although it is possible to drop logins that are mapped to database users, this creates orphaned users. 
•It is often prudent to disable rather than drop a login, because it is simpler to re-enable a login that is mapped to multiple database users than it is to re-create the login if circumstances change. 
•A login cannot be dropped as long as it has an active connection. If you can't drop a login because it has active sessions, kill those specific sessions first:
Removing Logins 
SELECT session_id
FROM sys.dm_exec_sessions
WHERE login_name = 'Ram';

KILL 52;   -- Replace 52 with the session id(s) returned by the query above

DROP LOGIN Ram;
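The orphaned-user problem described above can be detected and repaired from the catalog views. The block below is an added example, not code from the original slides; the database name SalesDB and the user name ram_user are constructed, while the login Ram is the one used in the slides.

```sql
-- Added example, not part of the original deck. SalesDB and ram_user are
-- constructed placeholders; Ram is the login from the slides.
USE [SalesDB];
GO

-- Orphan check: SQL-authenticated users whose SID matches no server login.
-- Logins and users are linked by SID, not by name, so a login that was
-- dropped and re-created under the same name still leaves orphans.
SELECT dp.name AS orphaned_user, dp.type_desc, dp.sid
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type = 'S'                                   -- SQL user
  AND dp.authentication_type_desc = 'INSTANCE'        -- mapped to a login
  AND sp.sid IS NULL                                  -- ... that no longer exists
  AND dp.name NOT IN ('dbo', 'guest', 'sys', 'INFORMATION_SCHEMA');
GO

-- Repair: point the orphaned user at the correct login (the modern
-- replacement for sp_change_users_login 'Update_One').
ALTER USER [ram_user] WITH LOGIN = [Ram];
GO

-- Preferred alternative to DROP LOGIN when access only needs to be
-- suspended: the login keeps its SID, so every database user mapped to it
-- stays valid and nothing has to be re-created later.
USE master;
GO
ALTER LOGIN [Ram] DISABLE;
GO
```

Run the orphan check in every user database after restoring a database onto another instance, since that is the usual way SIDs stop matching.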
Server Roles 
•Server roles enable you to simplify the assignment of permissions at the database instance level. 
•Although it is possible to assign permissions to SQL logins, this can be difficult to manage. 
•SQL Server 2012 ships with nine built-in server roles. These built-in server roles are fixed and, other than the public role, it is not possible to modify the permissions assigned to them.
User-Defined Server Roles 
•User-defined server roles are a new SQL Server 2012 feature. You can use user-defined server roles to create custom server roles when using one of the existing server roles does not suit your specific requirements. Creating a user-defined server role involves performing the following steps: 
•Creating the user-defined server role 
•Granting server-level permissions to the role 
•Adding SQL Server logins to the role
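The three steps above, carried out in T-SQL for a monitoring team that needs to read DMVs but must not administer the instance. This is an added example and not code from the original slides; the role name monitoring_readers and the Windows group CONTOSO\SQL-Monitoring are constructed placeholders.

```sql
-- Added example, not part of the original deck. Role and group names are
-- constructed placeholders.
USE master;
GO

-- Step 1: create the user-defined server role (SQL Server 2012 and later).
CREATE SERVER ROLE [monitoring_readers];
GO

-- Step 2: grant only the server-level permissions the task needs,
-- instead of dropping the team into sysadmin.
GRANT VIEW SERVER STATE   TO [monitoring_readers];   -- sys.dm_* views
GRANT VIEW ANY DEFINITION TO [monitoring_readers];   -- object metadata
GO

-- Step 3: add logins. Using a Windows group keeps membership in AD and
-- avoids one SQL login per person.
CREATE LOGIN [CONTOSO\SQL-Monitoring] FROM WINDOWS;
ALTER SERVER ROLE [monitoring_readers] ADD MEMBER [CONTOSO\SQL-Monitoring];
GO

-- Verify the role's server-level permissions ...
SELECT pr.name AS role_name, pe.permission_name, pe.state_desc
FROM sys.server_principals AS pr
JOIN sys.server_permissions AS pe ON pe.grantee_principal_id = pr.principal_id
WHERE pr.name = 'monitoring_readers';

-- ... and review membership of the new role next to the two most
-- sensitive fixed roles.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN ('sysadmin', 'securityadmin', 'monitoring_readers')
ORDER BY r.name, m.name;
GO
```

The last query is the one to keep: membership of sysadmin and securityadmin changes rarely, so a scheduled comparison of its output against a known-good list is a cheap detection for unexpected privilege grants.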
Credentials 
•Authentication information needed to access a resource outside of SQL Server. 
•Usually consists of a Windows login and password. 
•Enables users who connect using SQL Authentication to access Windows or other resources outside of SQL Server. 
•A Credential can be used by many SQL Server Logins (one Credential to many Logins). 
•A Login can be mapped to only one Credential (through "Login properties"). 
•Relevant only with Mixed Authentication (Server Properties => Security).
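The one-credential-to-many-logins relationship in T-SQL, as an added example that is not part of the original slides. The credential name, the Windows identity, the secret and the two login names are constructed placeholders.

```sql
-- Added example, not part of the original deck. All names and the secret
-- are constructed placeholders; never commit a real SECRET to source.
USE master;
GO

-- The credential holds the Windows identity and password SQL Server will
-- present when a mapped login reaches outside the instance.
CREATE CREDENTIAL [FileShareAccess]
    WITH IDENTITY = 'CONTOSO\svc-sqlfiles',
         SECRET   = 'Replace-With-The-Service-Account-Password';
GO

-- Many logins may share one credential ...
ALTER LOGIN [etl_loader]  WITH CREDENTIAL = [FileShareAccess];
ALTER LOGIN [report_user] WITH CREDENTIAL = [FileShareAccess];
GO

-- ... but each login maps to at most one credential: mapping a login to a
-- second credential replaces the first mapping, and NO CREDENTIAL clears it.
ALTER LOGIN [report_user] WITH NO CREDENTIAL;
GO

-- Verify which logins carry a credential, and which identity it presents.
SELECT sp.name AS login_name, c.name AS credential_name, c.credential_identity
FROM sys.server_principals AS sp
JOIN sys.credentials AS c ON c.credential_id = sp.credential_id
ORDER BY sp.name;
GO
```

Because a credential lets a SQL-authenticated login act as a Windows account, the verification query belongs in the same periodic review as server role membership.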
Database Users 
•USERS - Database-level principals, which define the permissions on the DB. 
•We can map a Server Login to a DB User (1-1 relationship per DB). 
•Each DB has two special users: 
•DBO 
•DB Owner - the most privileged user. 
•Members of the sysadmin role are mapped to it. 
•GUEST 
•Used for Logins that are not mapped to any DB user. 
•Disabled by default. 
•We can enable it and give it permissions through Public.
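Mapping a login to a database user and checking the state of guest, as an added example that is not code from the original slides. SalesDB and ram_user are constructed names; Ram is the login used in the slides.

```sql
-- Added example, not part of the original deck. SalesDB and ram_user are
-- constructed placeholders; Ram is the login from the slides.
USE [SalesDB];
GO

-- One login maps to one user in this database.
CREATE USER [ram_user] FOR LOGIN [Ram];
GO

-- guest counts as "enabled" in a database when it holds CONNECT.
-- Any login without its own user in this database gets guest's permissions,
-- so this is the check to run in every user database.
SELECT DB_NAME() AS database_name,
       CASE WHEN EXISTS (
                SELECT 1
                FROM sys.database_permissions AS p
                JOIN sys.database_principals AS dp
                  ON dp.principal_id = p.grantee_principal_id
                WHERE dp.name = 'guest'
                  AND p.permission_name = 'CONNECT'
                  AND p.state = 'G')
            THEN 'enabled' ELSE 'disabled' END AS guest_status;
GO

-- Close guest in user databases. master, tempdb and msdb are the
-- exception: guest must stay enabled there and cannot be revoked.
REVOKE CONNECT FROM guest;
GO
```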
Database Roles 
•Three kinds of roles at the DB level: 
•1. Fixed DB Roles 
•Set of permissions for specific tasks (user admin, DDL, SELECT etc.) 
•New members can be added, but the permissions are fixed. 
•2. User-defined DB Roles 
•For grouping users with similar permissions. 
•3. The Public Role 
•Fixed role which is assigned to all users. 
•Inherits the permissions of the Guest user.
Application Roles 
•Sets a security context for a specific application. 
•If a program is linked to an application role, it executes under the role's permissions instead of under the invoker's permissions. 
•Enables users to perform certain actions only via the application (more secure, and less permissions-administration overhead). 
•An application role has no members (it is activated during program execution). 
•Activation requires a password. 
•The role remains active until sp_unsetapprole is run (or the connection is closed).
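The activation cycle described above, as an added example that is not code from the original slides. The role name, the password and the table dbo.Orders in SalesDB are constructed placeholders.

```sql
-- Added example, not part of the original deck. Role, password, database
-- and table names are constructed placeholders.
USE [SalesDB];
GO

-- The role has no members; it only has a password and permissions.
CREATE APPLICATION ROLE [OrderEntryApp]
    WITH PASSWORD = 'Replace-With-A-Strong-Passphrase-2!',
         DEFAULT_SCHEMA = [dbo];
GO

-- Permissions are granted to the role, so a user who reaches the table
-- outside the application (e.g. from SSMS) has only their own rights.
GRANT SELECT, INSERT ON [dbo].[Orders] TO [OrderEntryApp];
GO

-- What the application runs on its connection after authenticating.
-- The cookie is what allows the connection to revert to the caller's
-- own context afterwards; without it the switch lasts until disconnect,
-- which is a problem for pooled connections.
DECLARE @cookie VARBINARY(8000);
EXEC sp_setapprole @rolename = 'OrderEntryApp',
                   @password = 'Replace-With-A-Strong-Passphrase-2!',
                   @fCreateCookie = true,
                   @cookie = @cookie OUTPUT;

-- USER_NAME() now reports the active security context, i.e. the role.
SELECT USER_NAME() AS current_context;

-- Work under the role's permissions here, then drop back to the
-- invoker's context before returning the connection to the pool.
EXEC sp_unsetapprole @cookie;
SELECT USER_NAME() AS current_context;
GO
```

The password has to live in the application's configuration, which is the main weakness of this design: anyone who reads it can activate the role from any client, so it should be stored with the same care as a connection string secret.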
Data Encryption - Keys 
•1. Symmetric 
•A single key that is used for encryption and decryption. 
•Because this one key is used for both encryption and decryption, the encryptor and the decryptor must share it. 
•Symmetric keys are relatively fast and are usually the most suitable choice. 
•2. Asymmetric 
•Consists of two different keys: a Private Key and a Public Key. 
•Data is encrypted with the Public Key, and can only be decrypted with its corresponding Private Key. 
•The Private Key is kept secret, and the Public Key can be distributed freely to all who need to send encrypted data to the owner of the Private Key. 
•Relatively resource-intensive and much slower than symmetric keys, but provide a higher level of security (as the secret key does not have to be shared between source and target). 
•Usually used for the initial transfer of the symmetric keys. 
•We can choose from many different algorithms for the encryption key. 
•ms-help://MS.SQLCC.v9/MS.SQLSVR.v9.en/udb9/html/96c276d5-1bba-4e95- b678-10f059f1fbcf.htm
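The "asymmetric key protects the symmetric key that encrypts the data" pattern above is exactly how SQL Server's own key hierarchy works. The block below is an added example, not code from the original slides: a certificate (asymmetric) wraps an AES-256 symmetric key, and only principals allowed to open that key can decrypt the column. SalesDB, the table, the key and certificate names, the passwords and the sample value are all constructed placeholders.

```sql
-- Added example, not part of the original deck. All names, passwords and
-- the sample value are constructed placeholders.
USE [SalesDB];
GO

-- Database master key: protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Replace-With-A-Strong-Passphrase-3!';
GO

-- Asymmetric part: a self-signed certificate (public + private key).
CREATE CERTIFICATE [CardDataCert] WITH SUBJECT = 'Wraps the CardData symmetric key';
GO

-- Symmetric part: the fast key that actually encrypts the data,
-- itself stored encrypted by the certificate.
CREATE SYMMETRIC KEY [CardDataKey]
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE [CardDataCert];
GO

CREATE TABLE dbo.CardData (
    id       INT IDENTITY PRIMARY KEY,
    card_enc VARBINARY(256) NOT NULL      -- ciphertext only
);
GO

-- Least privilege: a user needs these two grants to open the key; nobody
-- else can decrypt even with SELECT on the table.
GRANT VIEW DEFINITION ON SYMMETRIC KEY::[CardDataKey] TO [ram_user];
GRANT CONTROL ON CERTIFICATE::[CardDataCert] TO [ram_user];
GO

-- Encrypt: the certificate's private key unwraps the symmetric key for
-- this session, EncryptByKey then uses the symmetric key.
OPEN SYMMETRIC KEY [CardDataKey] DECRYPTION BY CERTIFICATE [CardDataCert];
INSERT INTO dbo.CardData (card_enc)
VALUES (EncryptByKey(Key_GUID('CardDataKey'), N'4111-1111-1111-1111'));  -- constructed
CLOSE SYMMETRIC KEY [CardDataKey];
GO

-- Decrypt: DecryptByKey returns NULL unless the matching key is open in
-- the session, which is what makes the grants above the real gate.
OPEN SYMMETRIC KEY [CardDataKey] DECRYPTION BY CERTIFICATE [CardDataCert];
SELECT id, CONVERT(NVARCHAR(50), DecryptByKey(card_enc)) AS card_plain
FROM dbo.CardData;
CLOSE SYMMETRIC KEY [CardDataKey];
GO
```

Back up the certificate and the master key to a location separate from the database backups; without them a restored copy of the database holds ciphertext that nobody can open.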

Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Dernier (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Lesson 5 security

  • 1. Managing Security - Logins and Server Roles Ram Kedem
  • 2. Copyright 2014 © Ram Kedem. All rights reserved. Not to be reproduced without written consent
  Principals
    • Principals are entities that can request SQL Server resources.
    • Like other components of the SQL Server authorization model, principals can be arranged in a hierarchy.
    • The scope of influence of a principal depends on the scope at which the principal is defined: Windows, Server or Database.
  • 3. Principals
    • Windows-level principals: Windows domain login, Windows local login
    • SQL Server-level principals: SQL Server login, server role
    • Database-level principals: database user, database role, application role
  • 4. Securables
    • Securables are the resources to which the SQL Server Database Engine authorization system regulates access.
    • The securable scopes are server, database, and schema.
  • 5. Securables
    • Server level: endpoint, database
    • Database level: user, database role, application role, schema
    • Schema level: function, procedure, table, view
  • 6. SQL Logins
    • Logins are the credentials that authenticate connections to an instance.
    • SQL Server logins can be differentiated by the authentication method used: Windows-authenticated login, SQL Server–authenticated login, certificate, asymmetric key.
  • 7. Windows-Authenticated SQL Server Logins
    • Windows-authenticated SQL Server logins are instance logins for which the operating system handles authentication.
    • A Windows-authenticated login can be mapped to a local user account, a local security group, a domain user account, or a domain security group.
    • The type of authentication you use depends on your organization's needs. Controlling access through local or domain groups reduces the number of SQL logins required, but it means whoever manages group membership effectively manages SQL Server access, so database administrators need a say in that membership.
  • 8. SQL Server–Authenticated Logins
    • SQL Server–authenticated logins are authenticated by the Database Engine instance rather than by the host operating system or a domain controller.
    • Their password hashes (not the passwords themselves) are stored in the master database (the password_hash column of sys.sql_logins).
    • If the "SQL Server authentication" option in the New Login dialog is greyed out, the instance is running in Windows-only mode; switch it to mixed-mode authentication (Server Properties => Security) and restart the service before creating such logins.
    • A SQL Server–authenticated login can be created with CHECK_POLICY and CHECK_EXPIRATION enabled so that it follows the password complexity and expiration policies of the host operating system.
    • Windows Server 2008: Start => Administrative Tools => Local Security Policy (on a domain member the domain policy applies instead).
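The following T-SQL is an added example, not code from the deck: it creates the two login types described on slides 7 and 8 and then checks the policy settings in the catalog. The group name CONTOSO\AppDevs, the login name reporting_app and the placeholder password are assumptions.

```sql
-- Added example (not from the original deck). CONTOSO\AppDevs, reporting_app
-- and the password are placeholders; replace them before running.

-- 1. Which authentication mode is the instance in?
--    1 = Windows-only, 0 = mixed mode (Windows and SQL Server authentication).
--    A SQL Server-authenticated login can only connect in mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_only;

-- 2. Windows-authenticated login mapped to a domain group. The operating
--    system authenticates the caller; SQL Server only maps the token to
--    this login, so no password is stored here.
CREATE LOGIN [CONTOSO\AppDevs] FROM WINDOWS
    WITH DEFAULT_DATABASE = [master];

-- 3. SQL Server-authenticated login that inherits the host's password
--    complexity and expiration policy. MUST_CHANGE forces a new password
--    on first connection and requires both CHECK_ options to be ON.
CREATE LOGIN reporting_app
    WITH PASSWORD = 'Replace-with-a-strong-secret-1!' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON,
         DEFAULT_DATABASE = [master];

-- 4. Verify. sys.sql_logins shows whether policy and expiration are
--    enforced; only the password hash (password_hash) lives in master.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       is_disabled,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE name = 'reporting_app';
```

If step 3 fails with "login is not allowed in this authentication mode" the instance is still Windows-only; the mode change in Server Properties takes effect only after a service restart.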
  • 9. Creating Users - General (SSMS "Login - New" dialog, General page)
  • 10. Creating Users - Server Roles (SSMS "Login - New" dialog, Server Roles page)
  • 11. Creating Users - User Mapping (SSMS "Login - New" dialog, User Mapping page)
  • 12. Creating Users - Securables (SSMS "Login - New" dialog, Securables page)
  • 13. Fixed Server-Level Roles
    • sysadmin - members can perform all activities possible on the Database Engine instance. Initial membership is specified when the Database Engine feature is installed.
    • serveradmin - members can change server-wide configuration options and shut down the server (they cannot, for example, create new logins).
    • securityadmin - members manage logins and their properties. They can GRANT, DENY and REVOKE server-level permissions, and database-level permissions in databases they have access to, and they can reset passwords for SQL Server logins. Because this lets them assign most server permissions, Microsoft's own guidance is to treat securityadmin as equivalent to sysadmin.
    • processadmin - members can end processes that are running in an instance of SQL Server.
    • setupadmin - members can add and remove linked servers.
    • bulkadmin - members can run the BULK INSERT statement.
  • 14. Fixed Server-Level Roles
    • diskadmin - used for managing disk files.
    • dbcreator - members can create, alter, drop and restore any database.
    • public - every SQL Server login belongs to the public server role. When a server principal has not been granted or denied a specific permission on a securable, it inherits the permissions granted to public on that object. Grant permissions to public only when the object should be available to every login. Membership of public cannot be changed.
  • 15. Altering Existing Logins
    • You can alter existing logins in SQL Server Management Studio by editing the properties of the login, or with the ALTER LOGIN Transact-SQL statement.
  • 16. Login-Related Catalog Views
    SELECT * FROM sys.server_principals;

    SELECT type_desc, COUNT(*)
    FROM sys.server_principals
    GROUP BY type_desc;
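As an added example (not from the deck), the catalog views of slide 16 can be joined to audit the fixed-role membership described on slides 13 and 14. Nothing here is instance-specific; the queries run as written on any SQL Server 2012 or later instance.

```sql
-- Added example (not from the original deck): audit of fixed server role
-- membership and of what has been granted to public. No names are assumed.

-- 1. Who holds each fixed server role? A Windows group appears as a single
--    row; SQL Server does not expand group membership here.
SELECT r.name      AS server_role,
       m.name      AS member,
       m.type_desc AS member_type,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.type = 'R' AND r.is_fixed_role = 1
ORDER BY r.name, m.name;

-- 2. The two roles that amount to full control (slide 13): list every
--    member that is not sa or a service SID, so each one can be justified.
SELECT m.name AS member, r.name AS server_role
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN ('sysadmin', 'securityadmin')
  AND m.name <> 'sa'
  AND m.name NOT LIKE 'NT SERVICE\%'
ORDER BY r.name, m.name;

-- 3. Anything granted to public applies to every login (slide 14). Out of
--    the box this is VIEW ANY DATABASE plus CONNECT on the default
--    endpoints; any other row is a grant somebody added.
SELECT p.state_desc, p.permission_name, p.class_desc, p.major_id
FROM sys.server_permissions AS p
JOIN sys.server_principals AS pr ON pr.principal_id = p.grantee_principal_id
WHERE pr.name = 'public'
ORDER BY p.class_desc, p.permission_name;
```

Run these from a login that has VIEW ANY DEFINITION (or sysadmin); otherwise the catalog views only return the rows the caller is allowed to see and the audit is silently incomplete.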
  • 17. Removing Logins
    • You can remove a login in SQL Server Management Studio by right-clicking the login and clicking Delete, or with the DROP LOGIN Transact-SQL statement.
    • You cannot drop a login while it has an active connection to the instance.
    • You cannot drop a login that owns a SQL Server Agent job, a server-level object (such as a database) or another securable.
  • 18. Removing Logins
    • Although it is possible to drop a login that is mapped to database users, doing so creates orphaned users (users whose SID no longer matches any login).
    • It is often prudent to disable rather than drop a login: re-enabling a login that is mapped to multiple database users is simpler than re-creating it if circumstances change.
    • A login cannot be dropped while it has an active session. If the drop fails for that reason, find and kill the offending sessions:
  • 19. Removing Logins
    SELECT session_id
    FROM sys.dm_exec_sessions
    WHERE login_name = 'Ram';

    KILL 52;   -- replace 52 with the session id(s) returned by the query above

    DROP LOGIN Ram;
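The deck's slide 19 hard-codes a session id; the following added example (not from the deck) runs the checks slides 17 and 18 describe before a login is dropped: ownership that would block DROP LOGIN, database users that would be orphaned, the disable-first option, and KILL statements generated from the DMV rather than typed in. The login name Ram is taken from slide 19; sp_MSforeachdb is an undocumented but long-standing procedure, and the authentication_type column needs SQL Server 2012 or later.

```sql
-- Added example (not from the original deck). 'Ram' is the login from
-- slide 19; everything else comes from the instance itself.
DECLARE @login sysname = N'Ram';
DECLARE @sid   varbinary(85) = SUSER_SID(@login);

-- 1. Server-level objects the login owns block DROP LOGIN (slide 17):
--    databases ...
SELECT name AS owned_database
FROM sys.databases
WHERE owner_sid = @sid;
--    ... and SQL Server Agent jobs. Reassign before dropping, e.g.
--    ALTER AUTHORIZATION ON DATABASE::[db] TO sa;
SELECT name AS owned_job
FROM msdb.dbo.sysjobs
WHERE owner_sid = @sid;

-- 2. Users in any database whose SID matches no login are orphans
--    (slide 18). Run it before and after the drop. principal_id > 4 skips
--    dbo, guest, INFORMATION_SCHEMA and sys; authentication_type 1/3 keeps
--    only users that are supposed to map to a login (SQL Server 2012+).
EXEC sp_MSforeachdb N'
  USE [?];
  SELECT DB_NAME() AS db, dp.name AS db_user
  FROM sys.database_principals AS dp
  LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
  WHERE dp.principal_id > 4
    AND dp.authentication_type IN (1, 3)
    AND sp.sid IS NULL;';

-- 3. Prefer disabling: every user mapping survives and the login can be
--    restored with ALTER LOGIN [Ram] ENABLE. Note that disabling does not
--    terminate sessions that are already open.
ALTER LOGIN [Ram] DISABLE;

-- 4. If the login really must go, terminate its sessions first. Building
--    the KILL statements from the DMV avoids the hard-coded "KILL 52".
DECLARE @kill nvarchar(max) = N'';
SELECT @kill += N'KILL ' + CAST(session_id AS nvarchar(10)) + N'; '
FROM sys.dm_exec_sessions
WHERE login_name = @login
  AND session_id <> @@SPID;          -- never kill your own session
EXEC sp_executesql @kill;

DROP LOGIN [Ram];
```

Steps 1 and 2 are read-only and safe to run in production; steps 3 and 4 change state, so run them deliberately and one at a time.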
  • 20. Server Roles
    • Server roles simplify the assignment of permissions at the instance level.
    • Although it is possible to assign permissions directly to SQL logins, this quickly becomes difficult to manage.
    • SQL Server 2012 ships with nine built-in server roles. These roles are fixed: other than for the public role, the permissions assigned to them cannot be modified.
  • 21. User-Defined Server Roles
    • User-defined server roles are a new SQL Server 2012 feature. Use them to create custom server roles when none of the existing server roles fits your requirements. Creating a user-defined server role involves three steps:
      • Creating the user-defined server role
      • Granting server-level permissions to the role
      • Adding SQL Server logins to the role
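The three steps of slide 21, carried through as an added example (not from the deck) for a monitoring account that needs to read DMVs but must not become sysadmin. The role name monitoring_readers, the login sqlmonitor and its password are assumptions.

```sql
-- Added example (not from the original deck). monitoring_readers and
-- sqlmonitor are placeholder names; the password is a placeholder too.

-- 1. Create the user-defined server role (SQL Server 2012+).
CREATE SERVER ROLE monitoring_readers AUTHORIZATION sa;

-- 2. Grant only the server-level permissions the task needs. VIEW SERVER
--    STATE covers the DMVs; VIEW ANY DEFINITION covers metadata. Neither
--    lets a member read user tables or change logins.
GRANT CONNECT SQL         TO monitoring_readers;
GRANT VIEW SERVER STATE   TO monitoring_readers;
GRANT VIEW ANY DEFINITION TO monitoring_readers;

-- 3. Add logins to the role (a Windows group login works the same way).
CREATE LOGIN sqlmonitor
    WITH PASSWORD = 'Replace-with-a-strong-secret-4!',
         CHECK_POLICY = ON;
ALTER SERVER ROLE monitoring_readers ADD MEMBER sqlmonitor;

-- Verify from the member's point of view: impersonate the login and list
-- its effective server permissions, then revert to your own context.
EXECUTE AS LOGIN = 'sqlmonitor';
SELECT permission_name
FROM fn_my_permissions(NULL, 'SERVER')
ORDER BY permission_name;
REVERT;

-- The same information from the catalog, without impersonation.
SELECT r.name AS server_role, m.name AS member
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'monitoring_readers';
```

The impersonated permission list should contain CONNECT SQL, VIEW SERVER STATE and VIEW ANY DEFINITION and nothing more; if CONTROL SERVER appears, the login was also added to sysadmin somewhere and the custom role is not what is actually governing its access.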
  • 22. Credentials
    • A credential is a record containing the authentication information needed to access a resource outside SQL Server.
    • It usually consists of a Windows account name and password.
    • It lets users who connect with SQL Server authentication access Windows or other resources outside SQL Server under that Windows identity.
    • One credential can be used by many SQL Server logins (credential 1 -> n logins).
    • A login can be mapped to only one credential (Login Properties => General).
    • Mapping a credential matters for SQL Server–authenticated logins, so it is relevant only when the instance runs in mixed mode (Server Properties => Security).
  • 23. Database Users
    • Users are database-level principals; permissions inside the database are defined on them.
    • A server login is mapped to a database user (a 1:1 relationship per database).
    • Each database has two special users:
      • dbo - the database owner, the most privileged user; members of the sysadmin server role map to it in every database.
      • guest - used by logins that are not mapped to any user in the database. Disabled in user databases by default (it is enabled in master, msdb and tempdb). It can be enabled with GRANT CONNECT TO guest, after which it receives whatever has been granted to public in that database, so enable it only deliberately.
  • 24. Database Roles
    • Three kinds of roles exist at the database level:
    • 1. Fixed database roles - sets of permissions for specific tasks (user administration, DDL, reads, etc.: db_securityadmin, db_ddladmin, db_datareader, ...). New members can be added, but the permissions themselves are fixed.
    • 2. User-defined database roles - for grouping users that need the same permissions.
    • 3. The public role - a fixed role that every database user, including guest, belongs to; whatever is granted to public is therefore inherited by guest and by every other user in the database.
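An added example (not from the deck) tying slides 23 and 24 together: a login is mapped to a database user, the permissions go on a user-defined database role scoped to one schema, and the result is verified by impersonating the user. The database Sales, the schema reporting with a table reporting.Orders, the login reporting_app and the role report_readers are all assumptions.

```sql
-- Added example (not from the original deck). Sales, reporting.Orders,
-- reporting_app and report_readers are placeholders.
USE [Sales];

-- Sample objects so the example is self-contained (constructed data).
CREATE SCHEMA reporting;
CREATE TABLE reporting.Orders (OrderId int PRIMARY KEY, Amount money NOT NULL);
INSERT reporting.Orders VALUES (1, 19.99), (2, 250.00);

-- 1. One database user per login (1:1 inside this database, slide 23).
--    The login itself is created on the instance; see slide 8.
CREATE USER reporting_app FOR LOGIN reporting_app
    WITH DEFAULT_SCHEMA = dbo;

-- 2. The role carries the permissions, users are only added to it
--    (slide 24). A schema-scoped grant covers tables created later in
--    reporting too, without handing out db_datareader on every schema.
CREATE ROLE report_readers AUTHORIZATION dbo;
GRANT SELECT ON SCHEMA::reporting TO report_readers;
ALTER ROLE report_readers ADD MEMBER reporting_app;

-- 3. guest: confirm it is still disabled in this database. A row with
--    state GRANT for CONNECT means unmapped logins get public's permissions.
SELECT state_desc
FROM sys.database_permissions
WHERE grantee_principal_id = USER_ID('guest')
  AND class = 0 AND permission_name = 'CONNECT';

-- 4. Verify as the user: reads on the schema succeed, writes do not, and
--    nothing outside the reporting schema is visible through the role.
EXECUTE AS USER = 'reporting_app';
SELECT IS_ROLEMEMBER('report_readers')                               AS in_role,
       HAS_PERMS_BY_NAME('reporting.Orders', 'OBJECT', 'SELECT')      AS can_read,
       HAS_PERMS_BY_NAME('reporting.Orders', 'OBJECT', 'INSERT')      AS can_write,
       HAS_PERMS_BY_NAME('dbo',              'SCHEMA', 'SELECT')      AS can_read_dbo;
SELECT COUNT(*) AS orders_visible FROM reporting.Orders;
REVERT;
```

Expected outcome of step 4 is in_role = 1, can_read = 1, can_write = 0, can_read_dbo = 0 and two visible orders; step 3 returns no row while guest is disabled.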
  • 25. Application Roles
    • An application role sets a security context for a specific application.
    • When a program activates an application role, it executes under the role's permissions instead of the invoker's.
    • This lets users perform certain actions only through the application (fewer direct grants, less permission administration), with one caveat: the role password is embedded in the application and is all that protects the role, so it has to be stored and transmitted carefully.
    • An application role has no members; it is activated during program execution.
    • Activation requires a password (sp_setapprole).
    • The role stays active until sp_unsetapprole is run (with the cookie obtained at activation) or the connection is closed.
  • 26. Data Encryption - Keys
    • 1. Symmetric
      • A single key is used for both encryption and decryption, so the encryptor and the decryptor must share it.
      • Symmetric keys are relatively fast and are usually the right choice for encrypting data.
    • 2. Asymmetric
      • Consists of two different keys - a private key and a public key.
      • Data encrypted with the public key can be decrypted only with the corresponding private key.
      • The private key is kept secret; the public key can be distributed freely to everyone who needs to send encrypted data to the owner of the private key.
      • Relatively resource-intensive and much slower than symmetric keys, but offers a higher level of security, since the secret key never has to be shared between source and target.
      • Usually used for the initial transfer of the symmetric keys (in SQL Server, for protecting the stored symmetric key).
    • Many different algorithms are available for the encryption key.
    • ms-help://MS.SQLCC.v9/MS.SQLSVR.v9.en/udb9/html/96c276d5-1bba-4e95-b678-10f059f1fbcf.htm
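The activation and deactivation sequence of slide 25 as an added example (not from the deck), using the cookie form of sp_setapprole so the session can revert to the caller instead of having to disconnect. The database Sales, the schema orders, the role order_entry_app and its password are assumptions.

```sql
-- Added example (not from the original deck). Sales, orders,
-- order_entry_app and the password are placeholders.
USE [Sales];

-- Constructed sample object so the permission check below has a target.
CREATE SCHEMA orders;
CREATE TABLE orders.Orders (OrderId int IDENTITY PRIMARY KEY, Amount money NOT NULL);

-- Define the role and give it, not the users, the permissions the
-- application needs.
CREATE APPLICATION ROLE order_entry_app
    WITH PASSWORD = 'Replace-with-app-secret-2!', DEFAULT_SCHEMA = dbo;
GRANT SELECT, INSERT ON SCHEMA::orders TO order_entry_app;

-- Activation. From here on the session runs with the role's permissions
-- only; the invoker's own grants no longer apply. The password travels in
-- the batch, so send it over an encrypted connection.
DECLARE @cookie varbinary(8000);
EXEC sp_setapprole @rolename      = 'order_entry_app',
                   @password      = 'Replace-with-app-secret-2!',
                   @fCreateCookie = 1,
                   @cookie        = @cookie OUTPUT;

SELECT USER_NAME() AS current_context;                           -- order_entry_app
SELECT HAS_PERMS_BY_NAME('orders.Orders', 'OBJECT', 'INSERT') AS can_insert,  -- 1
       HAS_PERMS_BY_NAME('orders.Orders', 'OBJECT', 'DELETE') AS can_delete;  -- 0
INSERT orders.Orders (Amount) VALUES (42.00);                    -- allowed via the role

-- Deactivation with the cookie. Without a cookie the only way back to the
-- caller's context is closing the connection, which matters with
-- connection pooling: a pooled connection left in the role would hand the
-- role's permissions to the next caller.
EXEC sp_unsetapprole @cookie;
SELECT USER_NAME() AS current_context;                           -- the caller again
```

sp_setapprole cannot be called inside a user transaction or from within another stored procedure, and the application should treat a failure of sp_unsetapprole as a reason to discard the connection rather than return it to the pool.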
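Slide 26 describes the hybrid pattern (asymmetric key protects the symmetric key, symmetric key encrypts the data). The following added example (not from the deck) shows that pattern in the SQL Server key hierarchy: a certificate protects a symmetric key, the symmetric key encrypts a column, and an authenticator binds each ciphertext to its row. The database Sales, the table, the key and certificate names, the passphrase and the sample card number are assumptions.

```sql
-- Added example (not from the original deck). Sales, card_cert, card_key,
-- the passphrase and the sample data are placeholders.
USE [Sales];

-- Database master key: protects the certificate's private key at rest.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Replace-with-a-long-passphrase-3!';

-- Asymmetric part: a certificate. Its public key encrypts the symmetric key,
-- its private key is what later unlocks it.
CREATE CERTIFICATE card_cert WITH SUBJECT = 'Card number protection';

-- Symmetric part: fast bulk encryption. The key is stored encrypted by the
-- certificate, so the secret never has to be handed around in clear text.
CREATE SYMMETRIC KEY card_key
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE card_cert;

CREATE TABLE dbo.CardNumbers (
    CustomerId    int PRIMARY KEY,
    CardNumberEnc varbinary(256) NOT NULL);

-- Encrypt. The symmetric key must be opened (decrypted with the
-- certificate) first. The authenticator (here the customer id) is mixed
-- into the ciphertext, so a value copied from one row to another will no
-- longer decrypt: swapping ciphertexts between customers is detected.
OPEN SYMMETRIC KEY card_key DECRYPTION BY CERTIFICATE card_cert;
INSERT dbo.CardNumbers (CustomerId, CardNumberEnc)
VALUES (42, EncryptByKey(Key_GUID('card_key'), N'4111111111111111',
                         1, CONVERT(sysname, 42)));
CLOSE SYMMETRIC KEY card_key;

-- Decrypt. DecryptByKeyAutoCert opens the key with the certificate for the
-- duration of the call; a wrong authenticator (or a caller without
-- permission on the certificate) yields NULL rather than an error.
SELECT CustomerId,
       CONVERT(nvarchar(20),
               DecryptByKeyAutoCert(CERT_ID('card_cert'), NULL,
                                    CardNumberEnc, 1,
                                    CONVERT(sysname, CustomerId))) AS CardNumber
FROM dbo.CardNumbers;
```

Back up the certificate and the master key (BACKUP CERTIFICATE, BACKUP MASTER KEY) as soon as they are created; without them a restored database contains ciphertext that nothing can open, which is the operational cost of keeping the secret out of the data path.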