
1 Module 4: Managing Security

2 Overview
- Implementing an Authentication Mode
- Assigning Login Accounts to Users and Roles
- Assigning Permissions to Users and Roles
- Managing Security Within SQL Server
- Managing Application Security
- Managing SQL Server Security in the Enterprise

3 Implementing an Authentication Mode
- Authentication Processing
- Choosing an Authentication Mode
- Mutual Authentication Using Kerberos
- Impersonation and Delegation
- Encryption
- Steps in Implementing an Authentication Mode
- Creating Login Accounts
- Setting Up Login Accounts

4 Authentication Processing
- Windows 2000 Group or User: SQL Server verifies entry in sysxlogins table; trusts that Windows 2000 has verified password
- SQL Server Login Account: SQL Server verifies entry in sysxlogins table, and verifies password

5 Choosing an Authentication Mode
Advantages of Windows Authentication Mode
- Advanced security features
- Adding groups as one account
- Fast access
Advantages of Mixed Mode
- Non-Windows 2000 and Internet clients can use it to connect

6 Mutual Authentication Using Kerberos
[Diagram labels: User, Kerberos, SQL Server, Mutual Authentication, Encrypted Data, Password]

7 Impersonation and Delegation
[Diagram labels: SQL Server, File system, Impersonation, Delegation]

8 Encryption
Internal Encryption
- Login passwords
- Transact-SQL definitions
Network Encryption

9 Steps in Implementing an Authentication Mode
- Set the Authentication Mode
- Stop and Restart MSSQLServer Service
- Create Windows 2000 Groups and Users
- Authorize Windows 2000 Groups and Users to Access SQL Server
- Create SQL Server Login Accounts for Users Who Connect with Non-Trusted Connections

10 Creating Login Accounts
Table master..sysxlogins (columns: name, dbname, password)
- name: BUILTIN\Administrators, accountingdomain\payroll, accountingdomain\maria, mary, sa
- dbname: master, Northwind, pubs
- password: NULL or ********

11 Demonstration: Setting Up Login Accounts

12 Lab A: Managing Security

13 Assigning Login Accounts to Users and Roles
Northwind..sysusers (users are stored here)
- uid: 0, 1, 3, 7
- name: public, dbo, INFORMATION_SCHEMA, payroll
Northwind..sysprotects (permissions are stored here)
- id: 1977058079
- uid: 0, 0, 0, 7
- action: 193, 195, 196, 193
- protecttype: 205

14 Assigning Login Accounts to User Accounts
Adding User Accounts
- SQL Server Enterprise Manager
- sp_grantdbaccess system stored procedure
dbo User Account
guest User Account

15 Assigning Login Accounts to Roles
- Fixed Server Roles
- Fixed Database Roles
- User-defined Database Roles

16 Fixed Server Roles
Role: Permission
- sysadmin: Perform any activity
- dbcreator: Create and alter databases
- diskadmin: Manage disk files
- processadmin: Manage SQL Server processes
- serveradmin: Configure server-wide settings
- setupadmin: Install replication
- securityadmin: Manage and audit server logins
- bulkadmin: Execute BULK INSERT statements

17 Fixed Database Roles
Role: Permission
- public: Maintain all default permissions
- db_owner: Perform any database role activity
- db_accessadmin: Add or remove database users, groups, and roles
- db_ddladmin: Add, modify, or drop database objects
- db_securityadmin: Assign statement and object permissions
- db_backupoperator: Back up database
- db_datareader: Read data from any table
- db_datawriter: Add, change, or delete data from all tables
- db_denydatareader: Cannot read data from any table
- db_denydatawriter: Cannot change data in any table

18 User-defined Database Roles
Add a Role:
- When a Group of People Needs to Perform the Same Activities in SQL Server
- If You Do Not Have Permissions to Manage Windows 2000 Accounts
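
The path from login account to user account to role membership described on slides 9 through 18, as an added Transact-SQL example that is not part of the original presentation. It uses the SQL Server 2000 system stored procedures; the login names come from the slide 10 table, while the default databases, the role name PayrollClerks, the server role chosen for maria and the password placeholder are assumptions.

```sql
-- Added example. Run as a member of sysadmin or securityadmin.

-- 1. Authorize Windows 2000 accounts (trusted connections: SQL Server
--    stores no password and relies on Windows 2000 to verify it).
EXEC sp_grantlogin 'accountingdomain\payroll'
EXEC sp_defaultdb  'accountingdomain\payroll', 'Northwind'   -- assumed default
EXEC sp_grantlogin 'accountingdomain\maria'

-- 2. Create a SQL Server login for a non-trusted connection.
--    Only usable when the server runs in Mixed Mode.
EXEC sp_addlogin @loginame = 'mary',
                 @passwd   = '<password-placeholder>',       -- placeholder
                 @defdb    = 'Northwind'                     -- assumed default

-- 3. Fixed server role: hand out a narrow role instead of sharing sa.
EXEC sp_addsrvrolemember 'accountingdomain\maria', 'dbcreator'  -- assumed role

-- 4. Map logins to user accounts in the database (adds rows to sysusers).
USE Northwind
EXEC sp_grantdbaccess 'accountingdomain\payroll', 'payroll'
EXEC sp_grantdbaccess 'mary'

-- 5. User-defined database role: grant to the role, not to each user.
EXEC sp_addrole 'PayrollClerks'                              -- hypothetical role
EXEC sp_addrolemember 'PayrollClerks', 'payroll'
EXEC sp_addrolemember 'PayrollClerks', 'mary'
GRANT SELECT ON Employees TO PayrollClerks

-- 6. Review what was created.
EXEC sp_helplogins
EXEC sp_helpuser
EXEC sp_helprolemember 'PayrollClerks'
```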

19 Demonstration: Assigning Login Accounts to User Accounts and Roles

20 Assigning Permissions to Users and Roles
- Types of Permissions
- Granting, Denying, and Revoking Permissions
  - Granting permissions to allow access
  - Denying permissions to prevent access
  - Revoking granted and denied permissions

21 Types of Permissions
Predefined
- Fixed Role
- Object Owner
Object
- TABLE, VIEW: SELECT, INSERT, UPDATE, DELETE, REFERENCES
- COLUMN: SELECT, UPDATE, REFERENCES
- STORED PROCEDURE: EXEC
Statement
- CREATE DATABASE
- CREATE TABLE
- CREATE VIEW
- CREATE PROCEDURE
- CREATE RULE
- CREATE DEFAULT
- CREATE FUNCTION
- BACKUP DATABASE
- BACKUP LOG

22 Granting, Denying, and Revoking Permissions
- GRANT: Can Perform Action
- REVOKE: Neutral
- DENY: Cannot Perform Action

23 Granting Permissions to Allow Access
[Permission grid: users/roles Eva, Ivan, David, public; permissions SELECT, INSERT, UPDATE, DELETE, DRI]

24 Denying Permissions to Prevent Access
[Permission grid: users/roles Eva, Ivan, David, public; permissions SELECT, INSERT, UPDATE, DELETE, DRI]

25 Revoking Granted and Denied Permissions
[Permission grid: users/roles Eva, Ivan, David, public; permissions SELECT, INSERT, UPDATE, DELETE, DRI]
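
How the three states on slides 22 through 25 interact, as an added Transact-SQL example that is not part of the original presentation. It assumes the users Eva, Ivan and David already exist in Northwind and uses the Employees table as the target; the specific permissions given to each user are constructed for illustration.

```sql
-- Added example. Run as dbo in Northwind.
USE Northwind

-- GRANT: can perform the action.
-- A grant to public is inherited by every user in the database.
GRANT SELECT ON Employees TO public
GRANT INSERT, UPDATE ON Employees TO Ivan
GRANT REFERENCES ON Employees TO David      -- the DRI column of the grid

-- DENY: cannot perform the action.
-- A deny on the user overrides the SELECT that Eva inherits from public.
DENY SELECT ON Employees TO Eva
--   Eva:   SELECT * FROM Employees  -> permission denied
--   Ivan:  SELECT * FROM Employees  -> succeeds (via public)

-- REVOKE: neutral. It removes the GRANT or DENY entry and asserts nothing,
-- so the effective permission falls back to whatever roles provide.
REVOKE SELECT ON Employees FROM Eva
--   Eva:   SELECT * FROM Employees  -> succeeds again (via public)

REVOKE INSERT, UPDATE ON Employees FROM Ivan
--   Ivan:  INSERT/UPDATE now fail; SELECT still succeeds (via public)

-- Review the resulting entries (Grant / Deny per grantee and action).
EXEC sp_helprotect 'Employees'
```

Revoking a DENY is not the same as granting: after the REVOKE above, Eva can read the table only because public still holds SELECT.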

26 Managing Security Within SQL Server
- Determine Use of Default Login Accounts
  - sa
  - BUILTIN\Administrators
- Determine Function of guest User Account
- Determine public Role Permissions
- Apply Permissions to Roles
- Create Objects with Owner dbo
- Secure CmdExec and ActiveScripting Job Steps

27 Lab B: Managing Permissions

28 Managing Application Security
- Managing Security with Views and Stored Procedures
- Managing Client Application Security with Application Roles

29 Managing Security with Views and Stored Procedures
Employees table (sample rows)
- EmployeeID: 1, 2, 3
- LastName: Davolio, Fuller, Leverling
- FirstName: Nancy, Andrew, Janet
- ReportsTo: 2, 2
- ...
Statements shown:
- SELECT * FROM Employees
- EXEC Employee_Update 1, 9
- SELECT * FROM Employee_View
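
The three statements on slide 29, worked through as an added Transact-SQL example that is not part of the original presentation. The bodies of Employee_View and Employee_Update are assumptions (the slide shows only their names and the call `Employee_Update 1, 9`); all objects are owned by dbo so the ownership chain is unbroken.

```sql
-- Added example. Run as dbo in Northwind from Query Analyzer or osql
-- (GO is the batch separator those tools recognize).
USE Northwind
GO
-- View exposes only the columns on the slide; columns such as
-- BirthDate, Address and HomePhone stay hidden.
CREATE VIEW dbo.Employee_View
AS
    SELECT EmployeeID, LastName, FirstName, ReportsTo
    FROM dbo.Employees
GO
-- Procedure allows exactly one kind of change. Parameter meaning
-- (employee, new manager) is assumed.
CREATE PROCEDURE dbo.Employee_Update
    @EmployeeID int,
    @ReportsTo  int
AS
    UPDATE dbo.Employees
    SET ReportsTo = @ReportsTo
    WHERE EmployeeID = @EmployeeID
GO
-- Remove direct access to the base table; grant only the view and procedure.
REVOKE ALL ON dbo.Employees FROM public
GRANT SELECT  ON dbo.Employee_View   TO public
GRANT EXECUTE ON dbo.Employee_Update TO public
GO
-- As an ordinary user with no other role memberships:
--   SELECT * FROM Employees        -> permission denied
--   EXEC Employee_Update 1, 9      -> succeeds
--   SELECT * FROM Employee_View    -> succeeds
-- The view, the procedure and the table share one owner (dbo), so SQL Server
-- checks permissions on the view or procedure only, not on the table.
```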

30 Managing Client Application Security with Application Roles
Orders table (sample rows)
- OrderID: 10248, 10249, 10250
- CustomerID: VINET, TOMSP, HANAR
- EmployeeID: 3, 1, 2
- ...
Client applications shown: Microsoft Excel, Order Entry Application

31 Creating Application Roles
- Creating an Application Role Inserts a Row into the sysusers Table
- Managing Application Role Permissions

32 Activating Application Roles
    EXEC sp_setapprole 'SalesApp', {ENCRYPT N'hg_7532LR'}, 'ODBC'
- User Must Specify Password
- Scope Is Current Database—if User Switches to Another Database, User Has Guest Permissions in That Database
- Role Cannot Be Deactivated Until User Disconnects
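
The application role lifecycle from slides 30 through 32, as an added Transact-SQL example that is not part of the original presentation. The role name and password are the ones shown on slide 32; the permissions granted on Orders are assumptions.

```sql
-- Added example.

-- Setup, run once as dbo in Northwind --------------------------------------
USE Northwind
EXEC sp_addapprole 'SalesApp', 'hg_7532LR'    -- inserts a row into sysusers

-- Permissions go to the application role; end users get none on the table,
-- so a connection from Microsoft Excel cannot touch Orders.
REVOKE ALL ON Orders FROM public
GRANT SELECT, INSERT, UPDATE ON Orders TO SalesApp   -- assumed permission set

-- Confirm the role exists.
SELECT name, uid FROM sysusers WHERE isapprole = 1

-- At connect time, issued by the order entry application -------------------
-- Must run as its own statement, outside any stored procedure or transaction.
-- {ENCRYPT ...} is the ODBC canonical function, so the password is obscured
-- before it goes over the wire; it requires an ODBC or OLE DB client.
EXEC sp_setapprole 'SalesApp', {ENCRYPT N'hg_7532LR'}, 'ODBC'

-- From here until disconnect the connection carries SalesApp's permissions
-- in Northwind instead of the user's own.
SELECT USER_NAME()            -- reports the active security context
SELECT * FROM Orders          -- allowed through SalesApp

-- Switching databases does not carry the role along:
USE pubs                      -- access here is through guest only
```

The password has to be available to the client application in order to activate the role, so protect it like any other embedded credential.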

33 Lab C: Managing Application Security

34 Managing SQL Server Security in the Enterprise
- Using Group Policy to Secure SQL Server
- Using Proxy Servers, Firewalls, and Routers
- Using On-the-Wire Encryption to Secure Data

35 Using Group Policy to Secure SQL Server
Security Areas That Can Be Configured
- Account policies
- Restricted groups
- Software policies

36 Using Proxy Servers, Firewalls, and Routers
[Diagram labels: User, Internet, Microsoft Proxy Server, SQL Server, Secure]

37 Using On-the-Wire Encryption to Secure Data
- Internet Protocol Security
- Secure Sockets Layer

38 Recommended Practices
- Use Mixed Mode for Non-Trusted or Internet Clients Only
- Use the sysadmin Role Rather Than the sa Login Account
- Remove Windows 2000 Accounts First, Then SQL Server Accounts
- dbo User Should Own All Objects
- Use Stored Procedures and Views to Simplify Security

39 Review
- Implementing an Authentication Mode
- Assigning Login Accounts to Users and Roles
- Assigning Permissions to Users and Roles
- Managing Security Within SQL Server
- Managing Application Security
- Managing SQL Server Security in the Enterprise

