SQL Server Security Basics
LearnNowOnline
Understand potential data threats and how SQL Server’s design protects against them.
1.
SQL Server Security Basics
Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
2.
Objectives
• Understand potential data threats and how SQL Server’s design protects against them
• Learn about SQL Server and Windows integrated authentication
• See how SQL Server provides an authorization system to control access to data and objects
3.
Agenda
• Security Overview
• Authentication
• Authorization
4.
Security Overview
• Relational data is a tempting target for attackers
• SQL Server 2008 provides plenty of features to secure your data and server
• Need to understand the threats
• Match countermeasures to the threats
5.
The Threats
• Identifying threats is a critical first step
• Type of data will probably influence security measures
• Sometimes the best way to protect data is to never put it in a database
• Typical threats
  • Theft of data
  • Data vandalism
  • Protecting data integrity
  • Illegal storage
• Understand threats to protect against them
6.
Security Design Philosophy
• Trustworthy Computing memo, 2002
• Four pillars of security design
  • Secure by design
  • Secure by default
  • Secure in deployment
  • Secure through communications
• “It’s just secure”
• Implications throughout the product
• SQL Server is reasonably secure out of the box
• Your job is to keep it secure
7.
The Two Stages of Security
• Similar to Windows security
• Authentication: who are you?
• Authorization: now that we know who you are, what can you do?
8-18.
Key SQL Server Security Terms
• Authentication
• Authorization
• Group
• Impersonation
• Login
• Permission
• Principal
• Privilege
• Role
• User
19.
Agenda
• Security Overview
• Authentication
• Authorization
20.
Authentication
• Process of verifying that a principal is who or what it claims to be
• SQL Server has to uniquely identify principals in order to authorize
• Two paths to authentication
  • Windows authentication
  • SQL Server authentication
• Authentication modes
  • Mixed Mode Authentication
  • Windows Only Authentication Mode
21.
Windows Integrated
• SQL Server assumes a trust relationship with Windows Server
• Windows does the heavy lifting for authentication
• The SQL Server checks permissions on the principal
• Advantages
  • Single user login
  • Auditing features
  • Simplified login management
  • Password policies
• Changes only take effect when user connects
22.
Configuring SQL Server Security Settings
• Select either mode at installation or later
• Settings apply to all databases and server objects in an instance of SQL Server
• Changing modes after installation may or may not cause problems
  • Windows to Mixed
  • Mixed to Windows
23.
SQL Server Authentication
• Client applications must provide login credentials as part of connection string
• Logins stored in SQL Server
• Windows authentication stronger
• But must use SQL Server authentication with old versions of Windows, non-Windows systems
24.
Windows and SQL Server Logins
• SQL Server logins are not stored in Windows
• Disabled if you select Windows authentication
• Mixed mode is much more flexible
• But less secure
25.
Beware of the sa Login
• System administrator login
• Mapped to sysadmin fixed server role
• Conveys full system administrator privileges
• Cannot modify or delete
• Must use a strong password!
• Use only as access of last resort
• NEVER use sa for database access through client applications
26.
Password Policy and Enforcement
• Before SQL Server 2005, no enforcement of passwords for SQL Server logins
  • No minimum strength
  • No expiration policy
• SQL Server now hooks into Windows password policy
  • Windows Server 2003, Vista, and later versions
  • NetValidatePasswordPolicy API method
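An added example, not part of the original slides: a T-SQL check of the points made in slides 20 to 26 (authentication mode, the Windows password policy hook, and the sa login). The login name app_reporting and its password are constructed placeholders; everything else uses standard catalog views and built-in functions.

```sql
-- Added example. app_reporting and the password are constructed placeholders.

-- 1. Authentication mode of the instance:
--    1 = Windows Only Authentication Mode, 0 = Mixed Mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. A SQL Server login that opts in to the Windows password policy.
--    CHECK_POLICY applies the host's complexity and lockout rules,
--    CHECK_EXPIRATION applies its password-age rules.
CREATE LOGIN app_reporting
    WITH PASSWORD = N'<generated-secret-goes-here>',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;

-- 3. SQL Server logins that escape the policy or carry a trivially weak
--    password (blank, or identical to the login name).
SELECT  sl.name,
        sl.is_disabled,
        sl.is_policy_checked,
        sl.is_expiration_checked,
        LOGINPROPERTY(sl.name, 'PasswordLastSetTime') AS password_last_set,
        CASE WHEN PWDCOMPARE(N'', sl.password_hash) = 1
             THEN 1 ELSE 0 END AS blank_password,
        CASE WHEN PWDCOMPARE(sl.name, sl.password_hash) = 1
             THEN 1 ELSE 0 END AS password_is_name
FROM    sys.sql_logins AS sl
WHERE   sl.name NOT LIKE N'##%'            -- skip internal certificate logins
  AND ( sl.is_policy_checked = 0
     OR sl.is_expiration_checked = 0
     OR PWDCOMPARE(N'', sl.password_hash) = 1
     OR PWDCOMPARE(sl.name, sl.password_hash) = 1 )
ORDER BY sl.name;

-- 4. State of sa. Its SID is always 0x01, so this finds it even if renamed.
SELECT  name, is_disabled, is_policy_checked, is_expiration_checked
FROM    sys.sql_logins
WHERE   sid = 0x01;

-- 5. Every principal that holds the same privileges as sa.
SELECT  m.name AS member_name, m.type_desc, m.is_disabled
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.name;
```

Rows returned by query 3 are the SQL Server logins to fix first; in Windows Only mode they cannot connect, but they become reachable again if the instance is switched to Mixed Mode.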
27.
Contained Databases
• Not a security feature per se
• But introduces a new authentication scheme
• Solves problem of moving databases
• Past: move database plus external dependencies
• Contained databases solve associated problems
28.
Contained Databases
• Can create a SQL user with a password
• Windows user in database
• Not associated with a login
• Authenticate against contained database
• Get a token for that database only
• Security boundary is tightly scoped
• If authentication fails at database, doesn’t fall back to duplicate login, if
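An added example, not part of the original slides: creating the two kinds of contained user described above and then listing where database-level authentication is in use. SalesContained, sales_app and CONTOSO\jdoe are constructed names, and the password is a placeholder.

```sql
-- Added example. SalesContained, sales_app and CONTOSO\jdoe are constructed.

-- Contained authentication is off by default and is an instance-wide switch.
EXEC sys.sp_configure N'contained database authentication', 1;
RECONFIGURE;
GO

CREATE DATABASE SalesContained CONTAINMENT = PARTIAL;
GO

USE SalesContained;
GO

-- SQL user with a password: the credential lives in this database and there
-- is no matching row in sys.sql_logins.
CREATE USER sales_app WITH PASSWORD = N'<generated-secret-goes-here>';

-- Windows user created directly in the database, not associated with a login.
-- The Windows account must exist; CONTOSO\jdoe is a placeholder.
CREATE USER [CONTOSO\jdoe];

-- Authorization is still granted inside the database only.
ALTER ROLE db_datareader ADD MEMBER sales_app;
GO

-- Inventory 1: which databases accept database-level authentication?
SELECT  name, containment_desc
FROM    sys.databases
WHERE   containment <> 0;

-- Inventory 2: users in the current database that authenticate with a
-- password stored in the database.
SELECT  dp.name, dp.type_desc, dp.authentication_type_desc, dp.create_date
FROM    sys.database_principals AS dp
WHERE   dp.authentication_type_desc = N'DATABASE';

-- Inventory 3: contained users whose name duplicates a server login.
-- The two credentials are independent, so such pairs are easy to confuse
-- during incident response and password rotation.
SELECT  dp.name AS contained_user, sl.name AS server_login, sl.is_disabled
FROM    sys.database_principals AS dp
JOIN    sys.sql_logins          AS sl
        ON sl.name COLLATE DATABASE_DEFAULT = dp.name COLLATE DATABASE_DEFAULT
WHERE   dp.authentication_type_desc = N'DATABASE';
```

A client can only authenticate as sales_app when its connection string names SalesContained as the initial catalog.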
29-48.
Contained Databases Authentication
[Flowchart, built up step by step across slides 29-48. Decision nodes: Connection request; Initial catalog specified?; Initial catalog contained?; Authentication type? (SQL Server or Windows); Matching user in database?; Password match?; Permission in database?; Matching login or group?; Matching principal in database? Outcomes: Server-level authentication; Database authentication; Authentication failure.]
49.
Agenda
• Security Overview
• Authentication
• Authorization
50.
Authorization
• Principals: user or process allowed to access securable objects
• Securables: protected resource
• Permissions: type of access
51-52.
Principals
• Windows-level principals
  • Windows Domain Login
  • Windows Group
  • Windows Local Login
• SQL Server-level principals
  • SQL Server Login
  • SQL Server Login mapped to a certificate
  • SQL Server login mapped to a Windows login
  • SQL Server Login mapped to an asymmetric key
• Database-level principals
  • Application Role
  • Database Role
  • Database User
  • Database User mapped to a certificate
  • Database User mapped to a Windows login
  • Database User mapped to an asymmetric key
  • Public Role
53.
Principals
• Scope of a principal determines scope of permission
• Principal can be a login, user, or role
• Roles are analogous to Windows groups
• Users in role inherit role’s permissions
• Simplify security management
• Types of roles
  • Fixed server roles
  • User-defined server roles
  • Fixed database roles
  • User-defined database roles
54.
Fixed Server Roles
• Cannot alter, even to add new ones, except to add logins to a role
• Server roles
  • System administrator
  • Bulk insert administrator
  • Database creator
  • Disk administrator
  • Process administrator
  • Server administrator
  • Setup administrator
  • Security administrator
55.
User-Defined Server Roles
• Long awaited security feature
• Long have had user-defined database roles
• But nothing at the server level
• Used to be, only way to grant some permissions was through a fixed server role
• SQL Server 2012 solves these problems
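An added example, not part of the original slides: a user-defined server role that carries only the permissions a monitoring team needs, followed by a review of what every user-defined server role holds. The role name monitoring_ops and the Windows group CONTOSO\dba-monitoring are constructed.

```sql
-- Added example. monitoring_ops and CONTOSO\dba-monitoring are constructed.
-- Requires SQL Server 2012 or later.

-- The member must already exist as a login on the instance.
CREATE LOGIN [CONTOSO\dba-monitoring] FROM WINDOWS;
GO

-- A narrow role in place of membership in a broad fixed server role.
CREATE SERVER ROLE monitoring_ops;
GRANT VIEW SERVER STATE   TO monitoring_ops;   -- read server-scoped DMVs
GRANT VIEW ANY DEFINITION TO monitoring_ops;   -- read metadata, not data
ALTER SERVER ROLE monitoring_ops ADD MEMBER [CONTOSO\dba-monitoring];
GO

-- Review 1: permissions held by each user-defined server role.
-- CONTROL SERVER is flagged because it is equivalent in reach to sysadmin.
SELECT  r.name AS role_name,
        pe.state_desc,
        pe.permission_name,
        pe.class_desc,
        CASE WHEN pe.permission_name = N'CONTROL SERVER'
              AND pe.state IN ('G', 'W')
             THEN 1 ELSE 0 END AS sysadmin_equivalent
FROM    sys.server_principals AS r
LEFT JOIN sys.server_permissions AS pe
        ON pe.grantee_principal_id = r.principal_id
WHERE   r.type = 'R'
  AND   r.is_fixed_role = 0
  AND   r.name <> N'public'
ORDER BY r.name, pe.permission_name;

-- Review 2: who inherits those permissions through membership.
SELECT  r.name AS role_name, m.name AS member_name, m.type_desc
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.is_fixed_role = 0
ORDER BY r.name, m.name;
```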
56.
Fixed Database Roles
• Control authorization within a database
• Configure each database individually
• Database roles
  • db_accessadmin
  • db_backupoperator
  • db_datareader
  • db_datawriter
  • db_ddladmin
  • db_denydatareader
  • db_denydatawriter
  • db_owner
  • db_securityadmin
57.
The Public Role
• Every database user assigned to this role
• Be very careful about granting permissions
• Normally restrict permissions for this role
58.
The dbo (Database Owner) Role
• Mapped to sysadmin fixed server role
• Not related to db_owner role
59.
User-Defined Database Roles
• Standard role
• Application role
60.
Securable Objects
• Protected resource that you can control access to
• Physical object or action
61-64.
Securable Objects
• Server: Database, Endpoint, Remote Binding, Route, Server Role, SQL Server Login
• Database: Application Role, Assembly, Asymmetric Key, Certificate, Database user, Fixed Database Role, Full-Text Catalog, Message Type, Schema, Service, Service Contract, Symmetric Key
• Schema: Default, Function, Procedure, Query Stats, Queue, Rule, Synonym, Table, Trigger, Type, View, XML Schema Collection
65-69.
Learn More!
• This is an excerpt from a larger course. Visit www.learnnowonline.com for the full details!
• Learn more about SQL Server on SlideShare
  • A Tour of SQL Server
Editor's Notes
DEMO – Adding a Windows Login, Windows Logins via Transact-SQL
DEMO – rest of section and SQL Server Logins via Transact-SQL