SQL Server Security Basics




     Learn More @ http://www.learnnowonline.com
        Copyright © by Application Developers Training Company
Objectives
• Understand potential data threats and
  how SQL Server’s design protects
  against them
• Learn about SQL Server and Windows
  integrated authentication
• See how SQL Server provides an
  authorization system to control access
  to data and objects

Agenda
• Security Overview
• Authentication
• Authorization




Security Overview
• Relational data is a tempting target for
  attackers
• SQL Server 2008 provides plenty of
  features to secure your data and server
  • Need to understand the threats
  • Match countermeasures to the threats




The Threats
• Identifying threats is a critical first step
  • Type of data will probably influence security
    measures
• Sometimes the best way to protect data is to
  never put it in a database
• Typical threats
  • Theft of data
  • Data vandalism
  • Protecting data integrity
  • Illegal storage
• Understand threats to protect against them
Security Design Philosophy
• Trustworthy Computing memo, 2002
• Four pillars of security design
  • Secure by design
  • Secure by default
  • Secure in deployment
  • Secure through communications
• “It’s just secure”
  • Implications throughout the product
  • SQL Server is reasonably secure out of the box
  • Your job is to keep it secure

The Two Stages of Security
• Similar to Windows security
  • Authentication: who are you?
  • Authorization: now that we know who you
   are, what can you do?




Key SQL Server Security Terms
• Authentication
• Authorization
• Group
• Impersonation
• Login
• Permission
• Principal
• Privilege
• Role
• User

Agenda
• Security Overview
• Authentication
• Authorization




Authentication
• Process of verifying that a principal is who or
  what it claims to be
  • SQL Server has to uniquely identify principals in
    order to authorize
• Two paths to authentication
  • Windows authentication
  • SQL Server authentication
• Authentication modes
  • Mixed Mode Authentication
  • Windows Only Authentication Mode


Windows Integrated
 • SQL Server assumes a trust relationship with
   Windows Server
   • Windows does the heavy lifting for authentication
   • The SQL Server checks permissions on the
     principal
 • Advantages
   • Single user login
   • Auditing features
   • Simplified login management
   • Password policies
 • Changes only take effect when user connects
Configuring SQL Server
Security Settings
• Select either mode at install time or later
• Settings apply to all databases and
  server objects in an instance of SQL
  Server
• Changing modes after installation may
  or may not cause problems
  • Windows to Mixed
  • Mixed to Windows


SQL Server Authentication
• Client applications must provide login
  credentials as part of connection string
• Logins stored in SQL Server
• Windows authentication stronger
  • But SQL Server authentication is required for
    old versions of Windows and for non-Windows
    systems



Windows and SQL Server
Logins
• SQL Server logins are not stored in
  Windows
  • Disabled if you select Windows
   authentication
• Mixed mode is much more flexible
  • But less secure




Beware of the sa Login
• System administrator login
• Mapped to sysadmin fixed server role
• Conveys full system administrator
  privileges
• Cannot modify or delete
• Must use a strong password!
• Use only as access of last resort
• NEVER use sa for database access
  through client applications
Password Policy and
Enforcement
• Before SQL Server 2005, no
  enforcement of passwords for SQL
  Server logins
  • No minimum strength
  • No expiration policy
• SQL Server now hooks into Windows
  password policy
  • Windows Server 2003, Vista, and later
    versions
  • NetValidatePasswordPolicy API method
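The Configuring SQL Server Security Settings, Beware of the sa Login and Password Policy slides above all describe settings that can be audited and set from T-SQL. The script below is an added example, not code from the deck: it assumes sysadmin membership, and the login names and password are placeholders.

```sql
-- Added example, not from the slide deck: audit and harden login security on a
-- SQL Server 2005+ instance.  Run as a member of the sysadmin role.  The login
-- names and the password below are placeholders.

-- 1. Which authentication mode is the instance in?
--    1 = Windows Authentication only, 0 = Mixed Mode (Windows + SQL Server logins).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_only_mode;

-- 2. Inventory SQL Server logins and flag the ones outside the Windows password
--    policy.  sys.sql_logins lists only SQL-authenticated logins; Windows logins
--    are policed by Windows itself and never appear here.
SELECT name,
       is_disabled,
       is_policy_checked,        -- 0: complexity/lockout policy not applied
       is_expiration_checked,    -- 0: password never expires
       LOGINPROPERTY(name, 'IsLocked')            AS is_locked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0
   OR name = 'sa'
ORDER BY name;

-- 3. New application login created the way the deck recommends: a SQL login
--    that hooks into the Windows password policy (strength + expiration).
CREATE LOGIN app_reporting
    WITH PASSWORD = 'Replace-With-A-Strong-Passphrase-1!',   -- placeholder
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;

-- 4. Bring a pre-existing login under policy.  This does not check the password
--    it already has against the policy; that happens at the next password
--    change, so force one (ALTER LOGIN ... WITH PASSWORD = ... MUST_CHANGE)
--    if the current password is suspect.
ALTER LOGIN app_legacy WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;

-- 5. sa: last-resort access only, never for client applications.  Disabling
--    it removes it as a standing target while leaving it available to re-enable
--    (ALTER LOGIN sa ENABLE) in an emergency; day-to-day administration uses the
--    administrators' own Windows logins in the sysadmin role.
ALTER LOGIN sa DISABLE;

-- 6. Verify the result.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE name IN ('sa', 'app_reporting', 'app_legacy');
```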
Contained Databases
• Not a security feature per se
  • But introduces a new authentication
   scheme
• Solves problem of moving databases
  • Past: move database plus external
    dependencies
  • Contained databases solve the associated
    problems


Contained Databases
• Can create a SQL user with a password
• Windows user in database
• Not associated with a login
• Authenticate against contained database
  • Get a token for that database only
  • Security boundary is tightly scoped
• If authentication fails at database,
  doesn’t fall back to duplicate login, if
Contained Databases
Authentication




        Learn More @ http://www.learnnowonline.com
           Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection
  Request




              Learn More @ http://www.learnnowonline.com
                 Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection
  Request




   Initial
  catalog
 specified?




              Learn More @ http://www.learnnowonline.com
                 Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection
  Request




   Initial
  catalog
 specified?



 No




               Server-level
              authentication




                    Learn More @ http://www.learnnowonline.com
                           Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection
  Request




   Initial    Yes       Initial
  catalog              catalog
 specified?          contained?


 No




                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection
  Request




   Initial    Yes       Initial
  catalog              catalog
 specified?          contained?


 No                  No




                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection
  Request




   Initial    Yes       Initial      Yes         Authent-
  catalog              catalog                    ication
 specified?          contained?                    type?


 No                  No




                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching
  Request                                                             user in
                                                                     database
                                                                         ?

                                           SQL Server


   Initial    Yes       Initial      Yes          Authent-
  catalog              catalog                     ication
 specified?          contained?                     type?


 No                  No




                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching
  Request                                                             user in
                                                                     database
                                                                         ?

                                           SQL Server
                                                                     No

   Initial    Yes       Initial      Yes          Authent-
  catalog              catalog                     ication
 specified?          contained?                     type?


 No                  No




                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching    Yes
  Request                                                             user in              Password
                                                                     database               match?
                                                                         ?

                                           SQL Server
                                                                     No

   Initial    Yes       Initial      Yes          Authent-
  catalog              catalog                     ication
 specified?          contained?                     type?


 No                  No




                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching     Yes
  Request                                                             user in                    Password
                                                                     database                     match?
                                                                         ?

                                           SQL Server
                                                                     No                          No

   Initial    Yes       Initial      Yes          Authent-
  catalog              catalog                     ication                      Authentication
 specified?          contained?                     type?                           failure


 No                  No




                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching     Yes                       Yes
  Request                                                             user in                    Password
                                                                     database                     match?
                                                                         ?

                                           SQL Server
                                                                     No                          No

   Initial    Yes       Initial      Yes          Authent-                                                         Permis-
  catalog              catalog                     ication                      Authentication                     sion in
 specified?          contained?                     type?                           failure                       database
                                                                                                                      ?


 No                  No




                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching     Yes                            Yes
  Request                                                             user in                    Password
                                                                     database                     match?
                                                                         ?

                                           SQL Server
                                                                     No                          No

   Initial    Yes       Initial      Yes          Authent-                                                  No          Permis-
  catalog              catalog                     ication                      Authentication                          sion in
 specified?          contained?                     type?                           failure                            database
                                                                                                                           ?


 No                  No




                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching     Yes                            Yes
  Request                                                             user in                    Password
                                                                     database                     match?
                                                                         ?

                                           SQL Server
                                                                     No                          No

   Initial    Yes       Initial      Yes          Authent-                                                  No          Permis-
  catalog              catalog                     ication                      Authentication                          sion in
 specified?          contained?                     type?                           failure                            database
                                                                                                                           ?


 No                  No                      Windows


                                                                     Matching
                                                                     login or
                                                                      group?




                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching     Yes                            Yes
  Request                                                             user in                    Password
                                                                     database                     match?
                                                                         ?

                                           SQL Server
                                                                     No                          No

   Initial    Yes       Initial      Yes          Authent-                                                  No          Permis-
  catalog              catalog                     ication                      Authentication                          sion in
 specified?          contained?                     type?                           failure                            database
                                                                                                                           ?


 No                  No                      Windows


                                                                     Matching
                                                                     login or
                                                                      group?



                                                                     No



                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching     Yes                             Yes
  Request                                                             user in                    Password
                                                                     database                     match?
                                                                         ?

                                           SQL Server
                                                                     No                          No

   Initial    Yes       Initial      Yes          Authent-                                                   No          Permis-
  catalog              catalog                     ication                      Authentication                           sion in
 specified?          contained?                     type?                           failure                             database
                                                                                                                            ?


 No                  No                      Windows

                                                                                                 Matching
                                                                     Matching     Yes            principal
                                                                     login or                        in
                                                                      group?                     database
                                                                                                      ?

                                                                     No



                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching     Yes                             Yes
  Request                                                             user in                    Password
                                                                     database                     match?
                                                                         ?

                                           SQL Server
                                                                     No                          No

   Initial    Yes       Initial      Yes          Authent-                                                   No          Permis-
  catalog              catalog                     ication                      Authentication                           sion in
 specified?          contained?                     type?                           failure                             database
                                                                                                                            ?

                                                                                                 No
 No                  No                      Windows

                                                                                                 Matching
                                                                     Matching     Yes            principal
                                                                     login or                        in
                                                                      group?                     database
                                                                                                      ?

                                                                     No



                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching     Yes                             Yes
  Request                                                             user in                    Password
                                                                     database                     match?
                                                                         ?

                                           SQL Server
                                                                     No                          No

   Initial    Yes       Initial      Yes          Authent-                                                   No          Permis-
  catalog              catalog                     ication                      Authentication                           sion in
 specified?          contained?                     type?                           failure                             database
                                                                                                                            ?

                                                                                                 No
 No                  No                      Windows

                                                                                                 Matching
                                                                     Matching     Yes            principal        Yes
                                                                     login or                        in
                                                                      group?                     database
                                                                                                      ?

                                                                     No



                     Server-level
                    authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching     Yes                             Yes
  Request                                                             user in                    Password
                                                                     database                     match?
                                                                         ?

                                           SQL Server
                                                                     No                          No

   Initial    Yes       Initial      Yes          Authent-                                                   No          Permis-   Yes
  catalog              catalog                     ication                      Authentication                           sion in
 specified?          contained?                     type?                           failure                             database
                                                                                                                            ?

                                                                                                 No
 No                  No                      Windows

                                                                                                 Matching
                                                                     Matching     Yes            principal        Yes
                                                                     login or                        in
                                                                      group?                     database
                                                                                                      ?

                                                                     No



                     Server-level                                                                              Database
                    authentication                                                                           authentication




                          Learn More @ http://www.learnnowonline.com
                                  Copyright © by Application Developers Training Company
Contained Databases
Authentication
 Connection                                                          Matching     Yes                             Yes
  Request                                                             user in                    Password
• Flow of a connection request (reconstructed from the slide's flowchart)
  • Initial catalog specified? No → server-level authentication
  • Initial catalog contained? No → server-level authentication
  • Authentication type?
    • SQL Server: matching user in the database? No → authentication failure
      • Password match? No → authentication failure; Yes → permission in database?
    • Windows: matching login or group? Yes → matching principal in the database?
      • Matching principal in the database? No → authentication failure; Yes → permission in database?
  • A principal that passes this way is authenticated by the database and gets a token for that database only (database authentication); every other path is server-level authentication
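The flow above in practice, as an added example that is not part of the original slides: it turns on contained database authentication for the instance, creates a partially contained database with a user that is authenticated by that database alone, and then runs the check a practitioner wants after reading the flowchart, a list of contained users whose names collide with server logins. The database and principal names (SalesApp, sales_reader, CONTOSO\sales_team) are invented for illustration.

```sql
-- Added example, not from the original slides. Names are invented for illustration.

-- 1. Instance-level switch: contained database authentication is off by default.
EXEC sp_configure 'contained database authentication', 1;
RECONFIGURE;
GO

-- 2. A partially contained database. The user created below is authenticated by
--    this database, so the token the connection receives is valid here only.
CREATE DATABASE SalesApp CONTAINMENT = PARTIAL;
GO
USE SalesApp;
GO

-- 3. A SQL user with a password and no server login. Grant through a role as usual.
CREATE USER sales_reader WITH PASSWORD = 'replace-with-a-long-random-secret-1!';
ALTER ROLE db_datareader ADD MEMBER sales_reader;

-- A Windows principal can be a contained user the same way, again without a login:
-- CREATE USER [CONTOSO\sales_team];
GO

-- 4. Check: contained users that share a name with a server login. For SQL
--    authentication the flow tries the database user first whenever the initial
--    catalog is this database, so two principals with the same name but different
--    passwords and different rights can coexist. Rename one side unless the
--    ambiguity is intentional and documented.
SELECT dp.name,
       dp.authentication_type_desc,          -- DATABASE or WINDOWS for contained users
       sp.type_desc AS colliding_server_login
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp ON sp.name = dp.name
WHERE dp.authentication_type_desc IN ('DATABASE', 'WINDOWS')
ORDER BY dp.name;

-- 5. Connecting as the contained user: the connection string must name the database,
--    e.g. "Server=...;Database=SalesApp;User Id=sales_reader;Password=...".
--    Without an initial catalog the request goes to server-level authentication,
--    where no such login exists, and it fails.
```

The collision query is worth keeping in a periodic review: a contained user that appears only after a database restore can silently shadow a login that the operations team believes is the only identity with that name.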
Agenda
• Security Overview
• Authentication
• Authorization




Authorization
• Principals: the entities that can request access to securables: logins, users, roles, and processes running as them
• Securables: the protected resources SQL Server controls access to
• Permissions: the kind of access a principal has on a securable; managed with GRANT, DENY, and REVOKE
Principals
• Windows-level principals
  • Windows Domain Login
  • Windows Group
  • Windows Local Login
• SQL Server-level principals
  • SQL Server Login
  • SQL Server Login mapped to a certificate
  • SQL Server Login mapped to a Windows login
  • SQL Server Login mapped to an asymmetric key
• Database-level principals
  • Application Role
  • Database Role
  • Database User
  • Database User mapped to a certificate
  • Database User mapped to a Windows login
  • Database User mapped to an asymmetric key
  • Public Role
Principals
• A principal's scope (server or database) determines the scope of the permissions it can hold
• Principal can be a login, user, or role
  • Roles are analogous to Windows groups
  • Users in a role inherit the role's permissions
  • Granting to roles rather than to individual users simplifies security management
• Types of roles
  • Fixed server roles
  • User-defined server roles (SQL Server 2012 and later)
  • Fixed database roles
  • User-defined database roles
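The login, user and role chain from the Principals slides in T-SQL, as an added example that is not part of the original slides: a server-level login is mapped into one database as a user, the user joins a user-defined database role that carries the permissions, and the result is verified both under that identity and from the catalog views. The database, schema and principal names (SalesApp, Sales.Orders, reporting_svc, report_readers) are invented for illustration.

```sql
-- Added example, not from the original slides. All names are invented.
USE master;
GO
-- Server-level principal. CHECK_POLICY = ON applies the Windows password policy
-- to this SQL login; expiration is off because a service account has nobody to
-- answer a "change your password" prompt.
CREATE LOGIN reporting_svc
    WITH PASSWORD = 'replace-with-a-long-random-secret-9!',
         CHECK_POLICY = ON, CHECK_EXPIRATION = OFF;
-- A Windows login stores no password in SQL Server; Windows does the authentication:
-- CREATE LOGIN [CONTOSO\Reporting-Users] FROM WINDOWS;

CREATE DATABASE SalesApp;    -- hypothetical database for this example
GO
USE SalesApp;
GO
CREATE SCHEMA Sales;
GO
CREATE TABLE Sales.Orders (OrderId int PRIMARY KEY, CustomerId int NOT NULL, Amount money NOT NULL);
GO

-- Database-level principal mapped to the login (matched by SID, not by name).
CREATE USER reporting_svc FOR LOGIN reporting_svc;

-- Grant to a role, never to individual users; membership is the only per-user step.
CREATE ROLE report_readers;
GRANT SELECT ON SCHEMA::Sales TO report_readers;
ALTER ROLE report_readers ADD MEMBER reporting_svc;
GO

-- Verify as that user: SELECT is inherited from the role, INSERT is not.
EXECUTE AS USER = 'reporting_svc';
SELECT HAS_PERMS_BY_NAME('Sales.Orders', 'OBJECT', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME('Sales.Orders', 'OBJECT', 'INSERT') AS can_insert;
REVERT;

-- Catalog view of the same thing: each database user, the login it maps to
-- (NULL means an orphaned user or a contained user), and its role memberships.
SELECT u.name      AS db_user,
       u.type_desc AS kind,
       sp.name     AS server_login,
       r.name      AS member_of
FROM sys.database_principals AS u
LEFT JOIN sys.server_principals     AS sp ON sp.sid = u.sid
LEFT JOIN sys.database_role_members AS rm ON rm.member_principal_id = u.principal_id
LEFT JOIN sys.database_principals   AS r  ON r.principal_id = rm.role_principal_id
WHERE u.type IN ('S', 'U', 'G')                 -- SQL user, Windows user, Windows group
  AND u.name NOT IN ('guest', 'INFORMATION_SCHEMA', 'sys')
ORDER BY u.name, r.name;
```

The SID join in the last query is the useful part after a restore to another instance: a user whose login column comes back NULL is orphaned, and the fix is ALTER USER ... WITH LOGIN, not recreating the user.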
Fixed Server Roles
• Fixed: you cannot create new ones, drop them, or change their permissions
  • The only change you can make is adding or removing members
• Server roles
  • System administrator (sysadmin): every permission on the instance
  • Bulk insert administrator (bulkadmin): can run BULK INSERT
  • Database creator (dbcreator): create, alter, drop, and restore databases
  • Disk administrator (diskadmin): manage disk files
  • Process administrator (processadmin): end processes running on the instance
  • Server administrator (serveradmin): change server-wide configuration and shut down the server
  • Setup administrator (setupadmin): add and remove linked servers
  • Security administrator (securityadmin): manage logins and their properties, and grant, deny, or revoke server-level and database-level permissions
• Caveat: securityadmin can grant server-level permissions, including CONTROL SERVER, so treat its membership as equivalent to sysadmin
User-Defined Server Roles
• Long awaited security feature
  • User-defined database roles have existed for a long time
  • But nothing equivalent existed at the server level
• Before SQL Server 2012, some server-level capabilities were only available through membership in a fixed server role
  • Which meant granting every permission that role carries, not just the one needed
• SQL Server 2012 solves this: CREATE SERVER ROLE, then grant only the server-level permissions the job needs
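Both server-role slides in one added example, not part of the original slides: first the audit query that lists who holds each fixed server role (the review the securityadmin caveat calls for), then a user-defined server role that gives a monitoring account exactly the server permissions it needs instead of sysadmin, followed by a check of the resulting effective permissions. The role and login names (perf_monitor, monitor_svc) are invented; the feature requires SQL Server 2012 or later.

```sql
-- Added example, not from the original slides. Names are invented.

-- 1. Who holds server-wide power? Review this regularly. securityadmin belongs
--    on the list because it can grant CONTROL SERVER to anyone, including itself.
SELECT r.name AS server_role, m.name AS member, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN ('sysadmin', 'securityadmin', 'serveradmin', 'setupadmin',
                 'processadmin', 'diskadmin', 'dbcreator', 'bulkadmin')
ORDER BY r.name, m.name;

-- 2. Least privilege for a monitoring tool: one role, a handful of permissions.
--    Before 2012 the usual shortcut was sysadmin, which also grants everything else.
USE master;
GO
CREATE SERVER ROLE perf_monitor;
GRANT VIEW SERVER STATE   TO perf_monitor;   -- dynamic management views (sys.dm_exec_*, sys.dm_os_*)
GRANT VIEW ANY DEFINITION TO perf_monitor;   -- object metadata, no access to data
GO
CREATE LOGIN monitor_svc
    WITH PASSWORD = 'replace-with-a-long-random-secret-7!', CHECK_POLICY = ON;
ALTER SERVER ROLE perf_monitor ADD MEMBER monitor_svc;
GO

-- 3. Check the effective server-level permissions of the new login. The list
--    should contain the two grants above plus the defaults every login gets
--    through the server-level public role (CONNECT SQL, VIEW ANY DATABASE).
EXECUTE AS LOGIN = 'monitor_svc';
SELECT permission_name
FROM fn_my_permissions(NULL, 'SERVER')
ORDER BY permission_name;
REVERT;
```

If the monitoring tool later needs something extra, grant that one permission to perf_monitor; the role is the unit of change, and the audit query in step 1 shows anyone who bypassed it by joining sysadmin instead.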
Fixed Database Roles
• Control authorization within a database
• Configure each database individually
• Database roles
  • db_accessadmin: add and remove database access for logins
  • db_backupoperator: back up the database
  • db_datareader: read all data from all user tables
  • db_datawriter: add, delete, or change data in all user tables
  • db_ddladmin: run any DDL command in the database
  • db_denydatareader: cannot read any data in user tables
  • db_denydatawriter: cannot add, modify, or delete data in user tables
  • db_owner: all configuration and maintenance activities, including dropping the database
  • db_securityadmin: modify role membership and manage permissions; can elevate its own privileges, so restrict and monitor membership
The Public Role
• Every database user is a member of public and cannot be removed from it
  • A server-level public role exists too; every login belongs to it
• Permissions granted to public apply to every user, including users created later
• Be very careful about granting permissions to it
• Normally restrict the permissions of this role to the defaults and review them regularly
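An added example, not part of the original slides, that serves the Fixed Database Roles and Public Role slides together: two audit queries that list what public has been granted at the database and server level, then a demonstration that a DENY on one principal overrides the SELECT it inherits from db_datareader. The database, schemas, tables and user (SalesApp, Sales.Orders, HumanResources.Salary, temp_contractor) are invented for illustration.

```sql
-- Added example, not from the original slides. Names are invented.
USE master;
GO
CREATE DATABASE SalesApp;
GO
USE SalesApp;
GO
CREATE SCHEMA Sales;
GO
CREATE SCHEMA HumanResources;
GO
CREATE TABLE Sales.Orders (OrderId int PRIMARY KEY, Amount money NOT NULL);
CREATE TABLE HumanResources.Salary (EmployeeId int PRIMARY KEY, Annual money NOT NULL);
GO

-- 1. Database-level public: what has been granted to everyone in this database?
--    Grants on the system objects that ship with SQL Server are filtered out so
--    only grants somebody added show up.
SELECT p.class_desc, p.state_desc, p.permission_name,
       QUOTENAME(OBJECT_SCHEMA_NAME(p.major_id)) + '.' + QUOTENAME(OBJECT_NAME(p.major_id)) AS object_name
FROM sys.database_permissions AS p
JOIN sys.database_principals  AS g ON g.principal_id = p.grantee_principal_id
LEFT JOIN sys.objects         AS o ON o.object_id = p.major_id
WHERE g.name = 'public'
  AND p.state_desc IN ('GRANT', 'GRANT_WITH_GRANT_OPTION')
  AND (p.class_desc <> 'OBJECT_OR_COLUMN' OR o.is_ms_shipped = 0);

-- 2. Server-level public: every login is a member. Anything beyond the defaults
--    (VIEW ANY DATABASE and CONNECT on the default endpoints) deserves a second look.
SELECT sp.class_desc, sp.state_desc, sp.permission_name
FROM sys.server_permissions AS sp
JOIN sys.server_principals  AS g ON g.principal_id = sp.grantee_principal_id
WHERE g.name = 'public';

-- 3. DENY beats GRANT, including a GRANT inherited through a fixed role:
--    a db_datareader member denied one schema cannot read it.
CREATE USER temp_contractor WITHOUT LOGIN;
ALTER ROLE db_datareader ADD MEMBER temp_contractor;          -- SELECT on every user table
DENY SELECT ON SCHEMA::HumanResources TO temp_contractor;     -- except this schema
GO
EXECUTE AS USER = 'temp_contractor';
SELECT HAS_PERMS_BY_NAME('Sales.Orders', 'OBJECT', 'SELECT')          AS can_read_sales,
       HAS_PERMS_BY_NAME('HumanResources.Salary', 'OBJECT', 'SELECT') AS can_read_hr;
REVERT;
```

Step 3 is also why a GRANT to public is hard to undo cleanly: REVOKE removes it for everyone, and the only way to carve out exceptions afterwards is a DENY per principal, which quickly becomes unmanageable.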
The dbo (Database Owner) User
• dbo is a user account present in every database, not a role
• The login that owns the database, and every member of the sysadmin fixed server role, enters the database as dbo
• Not the same thing as the db_owner fixed database role
  • dbo is always a member of db_owner
  • Other db_owner members are ordinary users given owner-level rights; they are not dbo and keep their own identity
User-Defined Database Roles
• Standard role
  • Created with CREATE ROLE and owned by a database user or role
  • Has members; members inherit whatever the role is granted
• Application role
  • Has no members; activated per connection with sp_setapprole and a password
  • Once activated, the connection holds only the role's permissions, not the user's
  • Lets an application reach data that its users cannot reach directly
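An application role end to end, as an added example that is not part of the original slides: the role is created with a password and granted two permissions, a connection activates it with sp_setapprole, the security context is checked to show that only the role's permissions remain, and the cookie is used to drop back to the original identity. The database, table and role names (SalesApp, Sales.Orders, order_entry_app) are invented for illustration.

```sql
-- Added example, not from the original slides. Names are invented.
USE master;
GO
CREATE DATABASE SalesApp;
GO
USE SalesApp;
GO
CREATE SCHEMA Sales;
GO
CREATE TABLE Sales.Orders (OrderId int PRIMARY KEY, Amount money NOT NULL);
GO

-- An application role has no members. It holds the permissions; the application
-- holds the password. Whoever runs sp_setapprole with that password swaps their
-- own permissions for the role's for the rest of the session.
CREATE APPLICATION ROLE order_entry_app
    WITH PASSWORD = 'replace-with-a-long-random-secret-3!',
         DEFAULT_SCHEMA = Sales;
GRANT SELECT, INSERT ON Sales.Orders TO order_entry_app;
GO

-- Activate it. The password crosses the wire, so use an encrypted connection;
-- the @encrypt = 'odbc' option only obfuscates it. Keep the cookie so the
-- application can return to its own identity without reconnecting, which
-- matters when the connection goes back to a pool.
DECLARE @cookie varbinary(8000);
EXEC sp_setapprole @rolename = 'order_entry_app',
                   @password = N'replace-with-a-long-random-secret-3!',
                   @fCreateCookie = 1,
                   @cookie = @cookie OUTPUT;

SELECT USER_NAME() AS current_context;   -- the application role, not the original user
-- Only what the role was granted applies now: INSERT yes, DELETE no.
SELECT HAS_PERMS_BY_NAME('Sales.Orders', 'OBJECT', 'INSERT') AS can_insert_orders,
       HAS_PERMS_BY_NAME('Sales.Orders', 'OBJECT', 'DELETE') AS can_delete_orders;

-- Back to the original security context.
EXEC sp_unsetapprole @cookie;
SELECT USER_NAME() AS restored_context;
```

The cookie is the part that is usually forgotten: a pooled connection that stays in the application role's context hands the role's permissions to the next caller who borrows that connection.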
Securable Objects
• Protected resource that you can control access to
• Physical object or action
• Arranged in nested scopes: the server contains databases, a database contains schemas, a schema contains objects
  • A permission granted at one scope is inherited by every securable beneath it
Securable Objects
• Server scope
  • Database
  • Endpoint
  • Server Role
  • SQL Server Login
• Database scope
  • Application Role
  • Assembly
  • Asymmetric Key
  • Certificate
  • Database User
  • Database Role (fixed and user-defined)
  • Full-Text Catalog
  • Message Type
  • Remote Service Binding
  • Route
  • Schema
  • Service
  • Service Contract
  • Symmetric Key
• Schema scope
  • Default
  • Function
  • Procedure
  • Query Stats
  • Queue
  • Rule
  • Synonym
  • Table
  • Trigger
  • Type
  • View
  • XML Schema Collection
• Remote Service Binding and Route are Service Broker objects created inside a database, so they are database-scoped securables rather than server-scoped ones
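The securable hierarchy made visible, as an added example that is not part of the original slides: the catalog function that lists which permissions each scope accepts and which parent-scope permission covers them, then a demonstration that a schema-level GRANT reaches every table beneath it while a column-level DENY still cuts through that grant. The database, table, column and user names (SalesApp, Sales.Customers, CreditCardNumber, analyst) are invented for illustration.

```sql
-- Added example, not from the original slides. Names are invented.
USE master;
GO
CREATE DATABASE SalesApp;
GO
USE SalesApp;
GO
CREATE SCHEMA Sales;
GO
CREATE TABLE Sales.Customers (
    CustomerId       int           PRIMARY KEY,
    Name             nvarchar(100) NOT NULL,
    CreditCardNumber char(16)      NULL
);
GO

-- 1. The catalog knows the hierarchy: every permission a securable class accepts,
--    and the permission at the parent scope that implies it.
SELECT class_desc, permission_name, covering_permission_name,
       parent_class_desc, parent_covering_permission_name
FROM sys.fn_builtin_permissions(DEFAULT)
WHERE class_desc IN ('SERVER', 'DATABASE', 'SCHEMA', 'OBJECT')
ORDER BY class_desc, permission_name;

-- 2. Scope inheritance: SELECT granted on the schema reaches every table in it;
--    a DENY on one column is more specific and wins for that column.
CREATE USER analyst WITHOUT LOGIN;
GRANT SELECT ON SCHEMA::Sales TO analyst;
DENY SELECT ON Sales.Customers (CreditCardNumber) TO analyst;
GO
EXECUTE AS USER = 'analyst';
-- Effective SELECT rights per column: CreditCardNumber does not appear among the column rows.
SELECT entity_name, subentity_name, permission_name
FROM fn_my_permissions('Sales.Customers', 'OBJECT')
WHERE permission_name = 'SELECT'
ORDER BY subentity_name;
-- The same answer from the permission check function, one column at a time.
SELECT HAS_PERMS_BY_NAME('Sales.Customers', 'OBJECT', 'SELECT', 'Name', 'COLUMN')             AS can_read_name,
       HAS_PERMS_BY_NAME('Sales.Customers', 'OBJECT', 'SELECT', 'CreditCardNumber', 'COLUMN') AS can_read_card;
REVERT;
```

Granting at the schema scope is the practical consequence of the hierarchy: new tables added to Sales are covered automatically, so there is no per-table grant to forget, and the sensitive column is the single exception that has to be written down.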
Learn More!
• This is an excerpt from a larger course. Visit
  www.learnnowonline.com for the full details!
• Learn more about SQL Server on SlideShare:
  A Tour of SQL Server

  • 45. Contained Databases Authentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal login or in group? database ? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 46. Contained Databases Authentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 47. Contained Databases Authentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial Yes Initial Yes Authent- No Permis- Yes catalog catalog ication Authentication sion in specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level Database authentication authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 48. Contained Databases Authentication Connection Matching Yes Yes Request user in Password database match? ? SQL Server No No Initial catalog Yes Initial catalog Yes Authent- ication * Authentication No Permis- sion in Yes specified? contained? type? failure database ? No No No Windows Matching Matching Yes principal Yes login or in group? database ? No Server-level Database authentication authentication Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
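The flowchart above, as an added T-SQL example that is not part of the slide deck: it sets up a partially contained database with a user that takes the "Database authentication" branch, then checks which principals and sessions actually went that way. The database name, user name and password are assumed placeholders.

```sql
-- Added example (not from the slide deck): a partially contained database with
-- a database-authenticated user, plus the checks a DBA would run afterwards.
-- Names (ContainedApp, app_reader) and the password are assumed placeholders.

-- 1. Server-level prerequisite: without this, every connection is forced
--    down the "Server-level authentication" path regardless of initial catalog.
EXEC sp_configure 'contained database authentication', 1;
RECONFIGURE;
GO

-- 2. A partially contained database; users inside it need no server login.
CREATE DATABASE ContainedApp CONTAINMENT = PARTIAL;
GO
USE ContainedApp;
GO
-- Contained SQL user: the password hash lives in this database, not in master.
CREATE USER app_reader WITH PASSWORD = 'Replace-with-a-generated-secret!1';
ALTER ROLE db_datareader ADD MEMBER app_reader;
GO

-- 3. Which principals authenticate in the database (flowchart: "Database
--    authentication") versus being mapped to a server login?
SELECT name, type_desc, authentication_type_desc
FROM sys.database_principals
WHERE type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
  AND principal_id > 4;         -- skip dbo, guest, INFORMATION_SCHEMA, sys

-- 4. Which live sessions authenticated against this database? A client only
--    lands here when its connection string names ContainedApp as the initial
--    catalog, exactly the first decision in the flowchart.
SELECT session_id, login_name,
       DB_NAME(authenticating_database_id) AS authenticated_in
FROM sys.dm_exec_sessions
WHERE authenticating_database_id = DB_ID('ContainedApp');

-- 5. Ambiguity check: a contained user whose name also exists as a server
--    login is resolved purely by the initial catalog, so list any collisions.
SELECT dp.name
FROM sys.database_principals AS dp
JOIN sys.server_principals  AS sp ON sp.name = dp.name
WHERE dp.authentication_type_desc = 'DATABASE';
```

Because a contained user never touches master, anyone holding ALTER ANY USER inside the database can grant server access to new people; treat that permission as seriously as a server-level login grant.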
  • 49. Agenda
    • Security Overview
    • Authentication
    • Authorization
  • 50. Authorization
    • Principals: user or process allowed to access securable objects
    • Securables: protected resource
    • Permissions: type of access
  • 51. Principals
  • 52. Principals
    • Windows-level principals
      • Windows Domain Login
      • Windows Group
      • Windows Local Login
    • SQL Server-level principals
      • SQL Server Login
      • SQL Server Login mapped to a certificate
      • SQL Server Login mapped to a Windows login
      • SQL Server Login mapped to an asymmetric key
    • Database-level principals
      • Application Role
      • Database Role
      • Database User
      • Database User mapped to a certificate
      • Database User mapped to a Windows login
      • Database User mapped to an asymmetric key
      • Public Role
  • 53. Principals
    • Scope of a principal determines scope of permission
    • Principal can be a login, user, or role
    • Roles are analogous to Windows groups
      • Users in a role inherit the role's permissions
      • Simplify security management
    • Types of roles
      • Fixed server roles
      • User-defined server roles
      • Fixed database roles
      • User-defined database roles
  • 54. Fixed Server Roles
    • Cannot be altered or added to; the only change allowed is adding logins as members
    • Server roles
      • System administrator
      • Bulk insert administrator
      • Database creator
      • Disk administrator
      • Process administrator
      • Server administrator
      • Setup administrator
      • Security administrator
  • 55. User-Defined Server Roles
    • Long-awaited security feature
    • User-defined database roles have existed for a long time
      • But nothing equivalent at the server level
    • Previously, the only way to grant some server-level permissions was membership in a fixed server role
    • SQL Server 2012 solves these problems
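The point of slide 55, as an added T-SQL example that is not from the slide deck: a monitoring account that needs VIEW SERVER STATE gets a user-defined server role (SQL Server 2012+) instead of a seat in sysadmin. The role name and the login name are assumed placeholders.

```sql
-- Added example (not from the slide deck): replace a fixed-server-role grant
-- with a user-defined server role carrying only the permissions the job needs.
-- monitoring_role and CORP\svc-monitor are assumed placeholder names.

-- Before SQL Server 2012, a tool needing VIEW SERVER STATE was often simply
-- added to sysadmin. A custom server role is the least-privilege alternative.
CREATE SERVER ROLE monitoring_role AUTHORIZATION sa;
GO
GRANT VIEW SERVER STATE   TO monitoring_role;
GRANT VIEW ANY DEFINITION TO monitoring_role;
GO
-- Membership is managed like any other server role.
ALTER SERVER ROLE monitoring_role ADD MEMBER [CORP\svc-monitor];
GO

-- Check 1: what the role actually holds.
SELECT sp.name AS grantee, perm.permission_name, perm.state_desc
FROM sys.server_permissions AS perm
JOIN sys.server_principals  AS sp ON sp.principal_id = perm.grantee_principal_id
WHERE sp.name = 'monitoring_role';

-- Check 2: who is in it.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'monitoring_role';

-- Review: every non-administrator still sitting in sysadmin is a candidate
-- for a role like this one.
SELECT m.name AS sysadmin_member, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';
```

The owner named in AUTHORIZATION can add and remove members, so keep that owner an administrative login rather than the service account itself.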
  • 56. Fixed Database Roles
    • Control authorization within a database
    • Configure each database individually
    • Database roles
      • db_accessadmin
      • db_backupoperator
      • db_datareader
      • db_datawriter
      • db_ddladmin
      • db_denydatareader
      • db_denydatawriter
      • db_owner
      • db_securityadmin
  • 57. The Public Role
    • Every database user is assigned to this role
    • Be very careful about granting permissions
    • Normally restrict permissions for this role
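Slide 57's warning, as an added T-SQL example that is not from the slide deck: list the permissions granted to public on user objects in a database, then move that access to a named role. The database, table, role and user names are assumed placeholders.

```sql
-- Added example (not from the slide deck): audit what public has been given
-- and take it back. SalesDB, dbo.Orders, sales_reader and report_user are
-- assumed placeholder names.
USE SalesDB;
GO
-- Every database user is a member of public, so a GRANT to public is a grant
-- to everyone who can connect. Explicit grants on user objects are the ones
-- to hunt for; the built-in grants on system objects are expected.
SELECT perm.class_desc,
       OBJECT_SCHEMA_NAME(perm.major_id) + '.' + OBJECT_NAME(perm.major_id) AS object_name,
       perm.permission_name,
       perm.state_desc
FROM sys.database_permissions AS perm
JOIN sys.objects              AS o ON o.object_id = perm.major_id
WHERE perm.grantee_principal_id = DATABASE_PRINCIPAL_ID('public')
  AND perm.class = 1            -- OBJECT_OR_COLUMN
  AND o.is_ms_shipped = 0;      -- user objects only

-- Schema-wide grants to public are just as broad; list those too.
SELECT SCHEMA_NAME(perm.major_id) AS schema_name, perm.permission_name, perm.state_desc
FROM sys.database_permissions AS perm
WHERE perm.grantee_principal_id = DATABASE_PRINCIPAL_ID('public')
  AND perm.class_desc = 'SCHEMA';

-- Fix: give the access to a named role, add the people who need it, and
-- revoke it from public.
CREATE ROLE sales_reader;
GRANT SELECT ON OBJECT::dbo.Orders TO sales_reader;
ALTER ROLE sales_reader ADD MEMBER report_user;
REVOKE SELECT ON OBJECT::dbo.Orders FROM public;
GO
```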
  • 58. The dbo (Database Owner) Role
    • Mapped to the sysadmin fixed server role
    • Not related to the db_owner role
  • 59. User-Defined Database Roles
    • Standard role
    • Application role
  • 60. Securable Objects
    • Protected resource that you can control access to
    • Physical object or action
  • 61-64. Securable Objects
    [Hierarchy diagram built up across slides 62-64; the three scopes and their securables are listed below.]
    • Server scope: Database, Endpoint, Remote Binding, Route, Server Role, SQL Server Login
    • Database scope: Application Role, Assembly, Asymmetric Key, Certificate, Database user, Fixed Database Role, Full-Text Catalog, Message Type, Schema, Service, Service Contract, Symmetric Key
    • Schema scope: Default, Function, Procedure, Query Stats, Queue, Rule, Synonym, Table, Trigger, Type, View, XML Schema Collection
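Slide 59's two kinds of user-defined database role and the securable scopes of slides 60-64, as one added T-SQL example that is not from the slide deck: a standard role granted at schema scope with an object-scope DENY inside it, an application role, and the checks that show the effective result. Database, schema, object, role and user names and the password are assumed placeholders.

```sql
-- Added example (not from the slide deck): a standard role and an application
-- role, with permissions at schema and object scope. SalesDB, the Sales schema,
-- its tables, order_entry, order_app and clerk_user are assumed placeholders.
USE SalesDB;
GO
-- Standard role: members carry its permissions for as long as they are members.
CREATE ROLE order_entry;
-- Schema scope: covers every current and future object in Sales.
GRANT SELECT, INSERT ON SCHEMA::Sales TO order_entry;
-- Object scope inside it: DENY on one table wins over the schema-level GRANT.
DENY SELECT ON OBJECT::Sales.CardNumbers TO order_entry;
ALTER ROLE order_entry ADD MEMBER clerk_user;
GO

-- Application role: it has no members. An application activates it with
-- sp_setapprole and loses its own user's permissions for the rest of the
-- session, so the password must be held by the application, not the users.
CREATE APPLICATION ROLE order_app
    WITH PASSWORD = 'Replace-with-a-generated-secret!2', DEFAULT_SCHEMA = Sales;
GRANT EXECUTE ON SCHEMA::Sales TO order_app;
GO

-- Check the effective permissions the way a member of order_entry sees them.
EXECUTE AS USER = 'clerk_user';
SELECT entity_name, permission_name
FROM fn_my_permissions('Sales.Orders', 'OBJECT');       -- SELECT and INSERT present
SELECT entity_name, permission_name
FROM fn_my_permissions('Sales.CardNumbers', 'OBJECT');  -- no SELECT row: DENY wins
REVERT;
GO

-- Audit: role membership, and the scope at which each permission was granted.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id;

SELECT USER_NAME(grantee_principal_id) AS grantee, class_desc, permission_name, state_desc
FROM sys.database_permissions
WHERE grantee_principal_id IN (USER_ID('order_entry'), USER_ID('order_app'));
```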
  • 65-69. Learn More!
    • This is an excerpt from a larger course. Visit www.learnnowonline.com for the full details!
    • Learn more about SQL Server on SlideShare
      • A Tour of SQL Server

Editor's Notes

  21. DEMO – Adding a Windows Login, Windows Logins via Transact-SQL
  22. DEMO – rest of section and SQL Server Logins via Transact-SQL
  25. DEMO – rest of section
  27. DEMO
  80. DEMO – rest of section
  81. DEMO – rest of section
  82. DEMO – rest of section
  85. DEMO – rest of section
  94. DEMO: rest of section
  95. DEMO: rest of section
  96. DEMO: rest of section
  97. DEMO: rest of section