Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.

Published byAmanda Jacobs Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign."— Presentation transcript:

1 Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign permissions to user accounts and roles  Manage security within SQL Server.

2 Authentication Processing  When a user connects to SQL Server, the client opens a trusted connection to SQL Server, which passes the user’s Windows 2000 security credentials to SQL Server  If SQL Server finds the user’s Windows 2000 user account or group account in the list of SQL Server login accounts in the sysxlogins system table, it accepts the connection.

3 Windows Authentication Mode Advantages  Provides more features, such as secure validation and encryption of passwords, auditing, password expiration, minimum password length, and account lockout after an invalid password.  Enables you to add groups of users to SQL Server by adding a single login account.  Enables users to access SQL Server quickly, without having to remember another login account and password.

4 Mixed Mode Authentication Advantages Mixed Mode, and the SQL Server Authentication mechanism in particular, enables non-Windows 2000 clients, Internet clients, and mixed client groups to connect to SQL Server.

5  Can create login accounts from existing Windows 2000 users and groups, or can create new SQL Server login accounts.  Login accounts are stored in the master..sysxlogins system table.  System or security administrators can execute stored procedures to allow or disallow a Windows 2000 user or group account to connect to SQL Server Create a Login Account

6 System Stored ProcedureDescription sp_grantloginAdds a login account entry for a Windows 2000 user or SQL Server group sp_revokeloginRemoves the login account entries for a windows 2000 user or group from SQL Server sp_denyloginPrevents a Windows 2000 user or group from connecting to SQL Server

7 Create a Login Account SQL Server login accounts and passwords can contain up to 128 characters, including letters, symbols, and digits. However, login accounts cannot: contain a backslash character, be a reserved login account – for example, sa. be null or an empty string (“ ”)

8 Default Login Accounts BUILTIN\Administrators is provided as the default login account for all Windows 2000 administrators. It has all rights on the SQL Server and in all databases. System administrator (sa) is a special login account that has all rights on the SQL Server and in all databases. It is provided for backward compatibility and should not be used routinely. This account is only enabled when SQL Server is using Mixed Mode Authentication.

9 Assign Logins to User Accounts  Add User Accounts using:  SQL Server Enterprise Manager  sp_grantdbaaccess  Dbo User Account: The sa login and members of the System Administrators (sysadmin) role are mapped to a special user account inside all databases called dbo. Any object that a system administrator creates automatically belongs to dbo. The dbo user is a default account and cannot be deleted.

10 Assign Logins (ctd)  Guest User Account The guest user account allows logins without user accounts to access a database. Login accounts assume the identity of the guest user when both of the following conditions are met:  The login account has access to SQL Server but does not have access to the database through its own user account.  The database contains a guest user account.

11 Roles Roles provide a means of assembling users into a single unit to which permissions can be applied. Roles include: Fixed Server Roles Fixed Database Roles User-defined Database Roles

12 Fixed Server Role Privileges Role Privileges SysadminCan perform any activity in SQL Server ServeradminCan set serverwide configuration options, shut down the server SetupadminCan manage linked servers and startup procedures SecurityadminCan manage logins and CREATE DATABASE permissions, also read error logs and change passwords ProcessadminCan manage processes running in SQL Server DbcreatorCan create, alter, and drop databases DiskadminCan manage disk files BulkadminCan execute BULK INSERT Statements (Groupings of administrative privileges at the server level)

13 Fixed Database Role Privileges (Groupings of administrative privileges at the database level) db_ownerHas all permissions in the database db_accessadminCan add or remove user IDs db_securityadminCan manage all permissions, object ownerships, roles, and role memberships db_ddladminCan issue ALL DDL, but cannot issue GRANT, REVOKE, or DENY statements. db_backupoperatorCan issue DBCC, CHECKPOINT, and BACKUP statements db_datareaderCan select all data from any user table in the database db_datawriterCan modify any data from any user table in the database db_denydatareaderCannot select any data from any user table in the database db_denydatawriterCannot modify any data from any user table in the database RolePrivileges

14 User-defined Database Role Creating a user-defined database role enables you to create a group of users with a set of common permissions. Add a Role: When a group of users need to perform the same activities in SQL Server If you do not have permissions to manage Windows 2000 accounts

15 Permissions Permissions specify which database objects users are authorized to use and what the users can do with those objects.

16 Types of Permissions 1.Statement Permissions Activities that involve creating a database or items in a database require a class of permissions called statement permissions. Statement Permissions give users the privilege of issuing certain Transact-SQL statements including: Create Database, Create Table, Create view, Create Procedure, Create Rule, Create Default, Create function, Backup Database, Backup Log

17 Types of Permissions 2. Object Permissions: Activities that involve working with data or executing procedures require a class of permissions known as object permissions: Table and view Permissions: Select, Insert, Update Table/view, Delete, References Column Permissions: Select, Update column, and references Stored Procedure Permissions: Exec

18 Types of Permissions 3.Predefined Permissions: Only members of fixed roles or owners of database objects can perform certain activities. Permissions to perform these activities are called predefined or implicit permissions Fixed Role Permissions: Fixed roles have implicit administrative permissions. Object owner Permissions: Object owners also have implied permissions that allow them to perform all activities with objects that they own.

19 Command Line Interface (CLI) Security can also be managed from the command line interface (CLI)

20 CLI – Create Logins Create a SQL Server Login sp_addlogin ‘MrsDeveloperSQL’, ‘password’ Create a Windows account Login sp_grantlogin ‘SENECADOM\MrsDboNT’

21 CLI – Work with Database Users  Map Login Accounts to a User account USE pubs2 Go EXEC sp_grantdbaccess ‘SENECADOM\MrsDboNT’, ‘MrsDboNT’ Go

22 CLI – Work with Database Users CommandResult sp_helploginsDisplays information about a login sp_droploginRemoves a login sp_revokeloginRemoves a login sp_denyloginDenies a login sp_passwordChanges a login’s password sp_defaultdbSets a login’s default database sp_validateloginsShows “orphans” in the database. These are logins that exist in SQL Server but no longer exist as Windows accounts

23 CLI – Work with Roles  Add SQL 2000 user to the sysadmin group sp_addsrvrolemember ‘SuperUser’, ‘sysadmin’  Add a new database role of developers sp_addrole ‘Developers’

24 CLI – Work with Roles CommandResult sp_droproleRemoves a role sp_helproleDisplays information about a role sp_helpdbfixedroleDisplays privileges the fixed roles have

25 CLI – Work with Permissions  Grant Select access to a table Grant Select On authors To MrsDeveloperSQL GO  Deny Insert access to a table Deny Insert On authors To MrsDeveloperSQL GO Revoke Select permissions from a table Revoke Select On authors From MrsDeveloperSQL GO

Download ppt "Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign."

Similar presentations

MySQL Access Privilege System

MySQL Access Privilege System
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Understand Database Security Concepts

Understand Database Security Concepts
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Chapter 9 Security. Endpoints  A SQL Server endpoint is the point of entering into SQL Server.  It is implemented as a database object that defines.

Chapter 9 Security. Endpoints  A SQL Server endpoint is the point of entering into SQL Server.  It is implemented as a database object that defines.
Logins, Roles and Credentials Lesson 14. Skills Matrix.

Logins, Roles and Credentials Lesson 14. Skills Matrix.
Chapter 9 Auditing Database Activities

Chapter 9 Auditing Database Activities
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Brian Alderman | MCT, CEO / Founder of MicroTechPoint Pete Harris | Microsoft Senior Content Publisher.

Brian Alderman | MCT, CEO / Founder of MicroTechPoint Pete Harris | Microsoft Senior Content Publisher.
Mike Fal - www.mikefal.net SQL SERVER SECURITY GRANTING, CONTROLLING, AND AUDITING DATABASE ACCESS March 17, 2011.

Mike Fal - SQL SERVER SECURITY GRANTING, CONTROLLING, AND AUDITING DATABASE ACCESS March 17, 2011.
Database Security Managing Users and Security Models.

Database Security Managing Users and Security Models.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Administration of Users Dr. Gabriel. 2 Documentation of User Administration Part of the administration process Reasons to document: –Provide a paper trail.

Administration of Users Dr. Gabriel. 2 Documentation of User Administration Part of the administration process Reasons to document: –Provide a paper trail.
Working with Workgroups and Domains

Working with Workgroups and Domains
Chapter 4 SQL. SQL server Microsoft SQL Server is a client/server database management system. Microsoft SQL Server is a client/server database management.

Chapter 4 SQL. SQL server Microsoft SQL Server is a client/server database management system. Microsoft SQL Server is a client/server database management.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.

1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.

Similar presentations

Ads by Google