SQL Server: Security

915 views

Published on

Explore some of the best new security features in SQL Server.

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
915
On SlideShare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • DEMO: rest of section\n
  • DEMO: rest of section\n
  • DEMO: rest of section\n
  • DEMO: rest of section\n
  • SQL Server: Security

    1. 1. SQL Server: Security Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    2. 2. Security in SQL Server 2012 Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    3. 3. Security in SQL Server 2012 • Rebuilt security from the ground up in SQL Server 2005 Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    4. 4. Security in SQL Server 2012 • Rebuilt security from the ground up in SQL Server 2005 • New version builds on that new foundation Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    5. 5. Security in SQL Server 2012 • Rebuilt security from the ground up in SQL Server 2005 • New version builds on that new foundation • Will explore some of the best new security features Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    6. 6. Security in SQL Server 2012 • Rebuilt security from the ground up in SQL Server 2005 • New version builds on that new foundation • Will explore some of the best new security features • Are they enough to make an upgrade mandatory? Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    7. 7. What’s New in Security? Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    8. 8. What’s New in Security? • Not a lot, but it’s good Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    9. 9. What’s New in Security? • Not a lot, but it’s good • Security Management Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    10. 10. What’s New in Security? • Not a lot, but it’s good • Security Management • Default schema for groups Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    11. 11. What’s New in Security? • Not a lot, but it’s good • Security Management • Default schema for groups • User-defined server roles Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    12. 12. What’s New in Security? • Not a lot, but it’s good • Security Management • Default schema for groups • User-defined server roles • Authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    13. 13. What’s New in Security? • Not a lot, but it’s good • Security Management • Default schema for groups • User-defined server roles • Authentication • Contained databases Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    14. 14. What’s New in Security? • Not a lot, but it’s good • Security Management • Default schema for groups • User-defined server roles • Authentication • Contained databases • Data Protection Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    15. 15. What’s New in Security? • Not a lot, but it’s good • Security Management • Default schema for groups • User-defined server roles • Authentication • Contained databases • Data Protection • Encryption enhancements Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    16. 16. What’s New in Security? • Not a lot, but it’s good • Security Management • Default schema for groups • User-defined server roles • Authentication • Contained databases • Data Protection • Encryption enhancements • Auditing Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    17. 17. What’s New in Security? • Not a lot, but it’s good • Security Management • Default schema for groups • User-defined server roles • Authentication • Contained databases • Data Protection • Encryption enhancements • Auditing • Lots of goodies for DBAs Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    18. 18. Security Management Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    19. 19. Security Management • Default schema for groups Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    20. 20. Security Management • Default schema for groups • Fixes a big hole Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    21. 21. Security Management • Default schema for groups • Fixes a big hole • Avoids creating implicit schemas Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    22. 22. Security Management • Default schema for groups • Fixes a big hole • Avoids creating implicit schemas • Less chance of wrong schema in queries Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    23. 23. Security Management • Default schema for groups • Fixes a big hole • Avoids creating implicit schemas • Less chance of wrong schema in queries • Default schema for users solved a problem Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    24. 24. Security Management • Default schema for groups • Fixes a big hole • Avoids creating implicit schemas • Less chance of wrong schema in queries • Default schema for users solved a problem • But caused others Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    25. 25. Security Management • Default schema for groups • Fixes a big hole • Avoids creating implicit schemas • Less chance of wrong schema in queries • Default schema for users solved a problem • But caused others • Allowing them for groups solves it Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    26. 26. Security Management Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    27. 27. Security Management • User-defined server roles Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    28. 28. Security Management • User-defined server roles • Server-level principal Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    29. 29. Security Management • User-defined server roles • Server-level principal • Grant server-level permissions Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    30. 30. Security Management • User-defined server roles • Server-level principal • Grant server-level permissions • Mix of GRANT and DENY permissions Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    31. 31. Security Management • User-defined server roles • Server-level principal • Grant server-level permissions • Mix of GRANT and DENY permissions • T-SQL: CREATE/ALTER/DROP SERVER ROLE Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    32. 32. Security Management • User-defined server roles • Server-level principal • Grant server-level permissions • Mix of GRANT and DENY permissions • T-SQL: CREATE/ALTER/DROP SERVER ROLE • Can only assign server-level permissions Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    33. 33. Security Management • User-defined server roles • Server-level principal • Grant server-level permissions • Mix of GRANT and DENY permissions • T-SQL: CREATE/ALTER/DROP SERVER ROLE • Can only assign server-level permissions • Permissions needed Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    34. 34. Security Management • User-defined server roles • Server-level principal • Grant server-level permissions • Mix of GRANT and DENY permissions • T-SQL: CREATE/ALTER/DROP SERVER ROLE • Can only assign server-level permissions • Permissions needed • CREATE SERVER ROLE permission Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    35. 35. Security Management • User-defined server roles • Server-level principal • Grant server-level permissions • Mix of GRANT and DENY permissions • T-SQL: CREATE/ALTER/DROP SERVER ROLE • Can only assign server-level permissions • Permissions needed • CREATE SERVER ROLE permission • IMPERSONATE on the server principal for logins Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    36. 36. Security Management • User-defined server roles • Server-level principal • Grant server-level permissions • Mix of GRANT and DENY permissions • T-SQL: CREATE/ALTER/DROP SERVER ROLE • Can only assign server-level permissions • Permissions needed • CREATE SERVER ROLE permission • IMPERSONATE on the server principal for logins • ALTER for server roles used as the server principal Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    37. 37. Security Management • User-defined server roles • Server-level principal • Grant server-level permissions • Mix of GRANT and DENY permissions • T-SQL: CREATE/ALTER/DROP SERVER ROLE • Can only assign server-level permissions • Permissions needed • CREATE SERVER ROLE permission • IMPERSONATE on the server principal for logins • ALTER for server roles used as the server principal • Others if you assign server role ownership Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    38. 38. Authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    39. 39. Authentication • Contained databases Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    40. 40. Authentication • Contained databases • Can create a SQL user with a password Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    41. 41. Authentication • Contained databases • Can create a SQL user with a password • Windows user in database Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    42. 42. Authentication • Contained databases • Can create a SQL user with a password • Windows user in database • Not associated with a login Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    43. 43. Authentication • Contained databases • Can create a SQL user with a password • Windows user in database • Not associated with a login • Authenticate against contained database Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    44. 44. Authentication • Contained databases • Can create a SQL user with a password • Windows user in database • Not associated with a login • Authenticate against contained database • Get a token for that database only Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    45. 45. Authentication • Contained databases • Can create a SQL user with a password • Windows user in database • Not associated with a login • Authenticate against contained database • Get a token for that database only • Security boundary is tightly scoped Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    46. 46. Authentication • Contained databases • Can create a SQL user with a password • Windows user in database • Not associated with a login • Authenticate against contained database • Get a token for that database only • Security boundary is tightly scoped • If authentication fails at database, doesn’t fall back to duplicate login, if any Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    47. 47. Contained DatabaseAuthentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    48. 48. Contained DatabaseAuthentication Connection Request Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    49. 49. Contained DatabaseAuthentication Connection Request Initial catalog specified? Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    50. 50. Contained DatabaseAuthentication Connection Request Initial catalog specified? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    51. 51. Contained DatabaseAuthentication Connection Request Initial Yes Initial catalog catalog specified? contained? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    52. 52. Contained DatabaseAuthentication Connection Request Initial Yes Initial catalog catalog specified? contained? No No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    53. 53. Contained DatabaseAuthentication Connection Request Initial Yes Initial Yes Authent- catalog catalog ication specified? contained? type? No No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    54. 54. Contained DatabaseAuthentication Connection Matching Request user in database ? SQL Server Initial Yes Initial Yes Authent- catalog catalog ication specified? contained? type? No No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    55. 55. Contained DatabaseAuthentication Connection Matching Request user in database ? SQL Server No Initial Yes Initial Yes Authent- catalog catalog ication specified? contained? type? No No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    56. 56. Contained DatabaseAuthentication Connection Matching Yes Request user in Password database match? ? SQL Server No Initial Yes Initial Yes Authent- catalog catalog ication specified? contained? type? No No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    57. 57. Contained DatabaseAuthentication Connection Matching Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- catalog catalog ication Authentication specified? contained? type? failure No No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    58. 58. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    59. 59. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    60. 60. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No Windows Matching login or group? Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    61. 61. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No Windows Matching login or group? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    62. 62. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No Windows Matching Matching Yes principal login or in group? database ? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    63. 63. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal login or in group? database ? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    64. 64. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    65. 65. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- Yes catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level Database authentication authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    66. 66. Contained DatabaseAuthentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial catalog Yes Initial catalog Yes Authent- ication * Authentication No Permis- sion in Yes specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level Database authentication authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    67. 67. Contained Database Issues Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    68. 68. Contained Database Issues • Security issues you have to be careful about Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    69. 69. Contained Database Issues • Security issues you have to be careful about • Accessing other databases using the guest account Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    70. 70. Contained Database Issues • Security issues you have to be careful about • Accessing other databases using the guest account • Duplicate logins Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    71. 71. Contained Database Issues • Security issues you have to be careful about • Accessing other databases using the guest account • Duplicate logins • Increased access when containment status changes Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    72. 72. Contained Database Issues • Security issues you have to be careful about • Accessing other databases using the guest account • Duplicate logins • Increased access when containment status changes • Attaching a contained database Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    73. 73. Data Protection Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    74. 74. Data Protection • Cryptography Enhancements Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    75. 75. Data Protection • Cryptography Enhancements • HASHBYTES supports SHA2 256 and 512 bits Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    76. 76. Data Protection • Cryptography Enhancements • HASHBYTES supports SHA2 256 and 512 bits • Passwords hashed with SHA512 Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    77. 77. Data Protection • Cryptography Enhancements • HASHBYTES supports SHA2 256 and 512 bits • Passwords hashed with SHA512 • RC4 is deprecated, supported only when compatibility set to 90 or 100. Don’t use it! Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    78. 78. Data Protection • Cryptography Enhancements • HASHBYTES supports SHA2 256 and 512 bits • Passwords hashed with SHA512 • RC4 is deprecated, supported only when compatibility set to 90 or 100. Don’t use it! • Maximum certificate key length increased to 4,096 from 3,456 Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    79. 79. Data Protection • Cryptography Enhancements • HASHBYTES supports SHA2 256 and 512 bits • Passwords hashed with SHA512 • RC4 is deprecated, supported only when compatibility set to 90 or 100. Don’t use it! • Maximum certificate key length increased to 4,096 from 3,456 • Service and database master keys now use AES instead of Triple-DES (for backups too) Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    80. 80. Data Protection • Cryptography Enhancements • HASHBYTES supports SHA2 256 and 512 bits • Passwords hashed with SHA512 • RC4 is deprecated, supported only when compatibility set to 90 or 100. Don’t use it! • Maximum certificate key length increased to 4,096 from 3,456 • Service and database master keys now use AES instead of Triple-DES (for backups too) • FROM BINARY option on CREATE CERTIFICATE Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    81. 81. Auditing Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    82. 82. Auditing • Basic server auditing supported in all SQL Server editions! Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    83. 83. Auditing • Basic server auditing supported in all SQL Server editions! • Database auditing only in Enterprise, Datacenter, Developer, and Evaluation editions Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    84. 84. Auditing • Basic server auditing supported in all SQL Server editions! • Database auditing only in Enterprise, Datacenter, Developer, and Evaluation editions • No longer need to rely on SQLTrace Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    85. 85. Auditing • Basic server auditing supported in all SQL Server editions! • Database auditing only in Enterprise, Datacenter, Developer, and Evaluation editions • No longer need to rely on SQLTrace • Multiple audits and targets Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    86. 86. Auditing • Basic server auditing supported in all SQL Server editions! • Database auditing only in Enterprise, Datacenter, Developer, and Evaluation editions • No longer need to rely on SQLTrace • Multiple audits and targets • Better performance Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    87. 87. Auditing • Basic server auditing supported in all SQL Server editions! • Database auditing only in Enterprise, Datacenter, Developer, and Evaluation editions • No longer need to rely on SQLTrace • Multiple audits and targets • Better performance • Persist state Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    88. 88. Auditing • Basic server auditing supported in all SQL Server editions! • Database auditing only in Enterprise, Datacenter, Developer, and Evaluation editions • No longer need to rely on SQLTrace • Multiple audits and targets • Better performance • Persist state • Audit resilience Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    89. 89. Auditing Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    90. 90. Auditing • Resilient to failure Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    91. 91. Auditing • Resilient to failure • Can recover from failure to write to the log Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    92. 92. Auditing • Resilient to failure • Can recover from failure to write to the log • From most file or network errors Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    93. 93. Auditing • Resilient to failure • Can recover from failure to write to the log • From most file or network errors • Wee bit better than shutdown on failure! Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    94. 94. Auditing • Resilient to failure • Can recover from failure to write to the log • From most file or network errors • Wee bit better than shutdown on failure! • FAIL_OPERATION option for the ON_FAILURE event in CREATE SERVER AUDIT Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    95. 95. Auditing • Resilient to failure • Can recover from failure to write to the log • From most file or network errors • Wee bit better than shutdown on failure! • FAIL_OPERATION option for the ON_FAILURE event in CREATE SERVER AUDIT • If problem with audit initiation at startup, server instance won’t start Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    96. 96. Auditing Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    97. 97. Auditing • Cap files without rollover Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    98. 98. Auditing • Cap files without rollover • Formerly could have either: Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    99. 99. Auditing • Cap files without rollover • Formerly could have either: • Indeterminate number of log files Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    100. 100. Auditing • Cap files without rollover • Formerly could have either: • Indeterminate number of log files • Rollover after predefined number of files Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    101. 101. Auditing • Cap files without rollover • Formerly could have either: • Indeterminate number of log files • Rollover after predefined number of files • Now can cap without rolling over Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    102. 102. Auditing • Cap files without rollover • Formerly could have either: • Indeterminate number of log files • Rollover after predefined number of files • Now can cap without rolling over • Control amount of information without losing audit records Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    103. 103. Auditing • Cap files without rollover • Formerly could have either: • Indeterminate number of log files • Rollover after predefined number of files • Now can cap without rolling over • Control amount of information without losing audit records • MAX_FILES option on CREATE SERVER AUDIT Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    104. 104. Auditing • Cap files without rollover • Formerly could have either: • Indeterminate number of log files • Rollover after predefined number of files • Now can cap without rolling over • Control amount of information without losing audit records • MAX_FILES option on CREATE SERVER AUDIT • Blocks and rolls back operations until clear Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    105. 105. Auditing Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    106. 106. Auditing • User-defined audit events Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    107. 107. Auditing • User-defined audit events • Write what you want to the audit log Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    108. 108. Auditing • User-defined audit events • Write what you want to the audit log • sp_audit_write Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    109. 109. Auditing • User-defined audit events • Write what you want to the audit log • sp_audit_write • @user_defined_event_id Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    110. 110. Auditing • User-defined audit events • Write what you want to the audit log • sp_audit_write • @user_defined_event_id • @succeeded Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    111. 111. Auditing • User-defined audit events • Write what you want to the audit log • sp_audit_write • @user_defined_event_id • @succeeded • @user_defined_info (custom string) Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    112. 112. Auditing Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    113. 113. Auditing • Filter audit events Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    114. 114. Auditing • Filter audit events • Built on extended events Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    115. 115. Auditing • Filter audit events • Built on extended events • Pretty fine control over what gets written Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    116. 116. Auditing • Filter audit events • Built on extended events • Pretty fine control over what gets written • Use the WHERE clause on the CREATE SERVER AUDIT statement Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    117. 117. Auditing Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    118. 118. Auditing • T-SQL stack frame information Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    119. 119. Auditing • T-SQL stack frame information • Determine if query from stored procedure or directly from application Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    120. 120. Auditing • T-SQL stack frame information • Determine if query from stored procedure or directly from application • See the nested frame for the query Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    121. 121. Learn More! Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    122. 122. Learn More!• This is an excerpt from a larger course. Visit www.learnnowonline.com for the full details! Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    123. 123. Learn More!• This is an excerpt from a larger course. Visit www.learnnowonline.com for the full details! Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    124. 124. Learn More!• This is an excerpt from a larger course. Visit www.learnnowonline.com for the full details!• Learn more about SQL Server on SlideShare: Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
    125. 125. Learn More!• This is an excerpt from a larger course. Visit www.learnnowonline.com for the full details!• Learn more about SQL Server on SlideShare:  SQL 2012: Development & Programming Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company

    ×