Module 9 Authenticating and Authorizing Users. Module Overview Authenticating Connections to SQL Server Authorizing Logins to Access Databases Authorization.

Presentation transcript:

Module 9 Authenticating and Authorizing Users

Module Overview
- Authenticating Connections to SQL Server
- Authorizing Logins to Access Databases
- Authorization Across Servers

Lesson 1: Authenticating Connections to SQL Server
- Overview of SQL Server Security
- SQL Server Authentication Options
- Managing Windows Logins
- Managing SQL Server Logins and Policies

Overview of SQL Server Security

SQL Server Authentication Options
Authentication is the process of verifying an identity.
SQL Server can be configured in two modes:
- Windows Authentication
- Mixed SQL and Windows Authentication

Managing Windows Logins
Create Windows logins using:
- Object Explorer option in SSMS
- T-SQL CREATE LOGIN statement
Remove using DROP LOGIN
- Returns error if user currently logged on

    CREATE LOGIN [AdventureWorks\Student] FROM WINDOWS
        WITH DEFAULT_DATABASE=[tempdb], DEFAULT_LANGUAGE=[us_english];
    GO
    CREATE LOGIN [AdventureWorks\Salespeople] FROM WINDOWS;
    GO

Managing SQL Server Logins and Policies
Create SQL Server logins using:
- Object Explorer option in SSMS
- T-SQL CREATE LOGIN statement
Decide if account policy should apply
Use ALTER LOGIN to:
- Reset passwords
- Disable/Enable logins

    CREATE LOGIN SalesManager WITH PASSWORD = 'Pa$$w0rd', CHECK_POLICY = ON;
    GO
    CREATE LOGIN SalesApp WITH PASSWORD = 'Pa$$w0rd', CHECK_POLICY = OFF;
    GO
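Added example (not part of the course material): a T-SQL review of which SQL Server logins have policy and expiration checks enabled, followed by the ALTER LOGIN operations the slide names. SalesManager and SalesApp are the slide's logins; the replacement password is a placeholder to substitute before running.

```sql
-- Added example: review password-policy enforcement on SQL Server logins.
-- Run as a principal that can view login metadata (for example a sysadmin).
SELECT  name,
        is_disabled,
        is_policy_checked,         -- 1 when CHECK_POLICY = ON
        is_expiration_checked,     -- 1 when CHECK_EXPIRATION = ON
        LOGINPROPERTY(name, 'IsLocked')            AS is_locked,
        LOGINPROPERTY(name, 'BadPasswordCount')    AS bad_password_count,
        LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM    sys.sql_logins
ORDER BY is_policy_checked, name;
GO

-- Logins whose password is blank or identical to the login name.
SELECT  name
FROM    sys.sql_logins
WHERE   PWDCOMPARE('', password_hash) = 1
   OR   PWDCOMPARE(name, password_hash) = 1;
GO

-- Bring the login created with CHECK_POLICY = OFF under the account policy.
ALTER LOGIN SalesApp WITH CHECK_POLICY = ON;
GO

-- Reset a password and force a change at the next connection.
-- MUST_CHANGE needs CHECK_POLICY and CHECK_EXPIRATION ON, so enable
-- expiration first (SalesManager already has CHECK_POLICY = ON).
ALTER LOGIN SalesManager WITH CHECK_EXPIRATION = ON;
GO
ALTER LOGIN SalesManager WITH PASSWORD = '<replace-with-new-password>' MUST_CHANGE;
GO

-- Disable a login without dropping it, then enable it again.
ALTER LOGIN SalesApp DISABLE;
GO
ALTER LOGIN SalesApp ENABLE;
GO
```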

Demonstration 1A: Authenticating Logons and Logon Tokens
In this demonstration, you will see:
- How to create a Windows login
- How to view the list of existing logins
- How to create a SQL Server login using T-SQL
- How to connect to SQL Server
- How to check the available login tokens
- How to create a SQL Server login using the GUI
- How to create a login with policy disabled
- How to view the existing SQL Server logins and their policy and expiration check status

Lesson 2: Authorizing Logins to Access Databases
- Authorization Overview
- Granting Access to Databases
- Managing dbo and guest Access

Authorization Overview
Authentication and authorization are often confused.
Authentication
- Is the verification of the identity of a principal (such as determining who someone is)
Authorization
- Is the assignment of permissions on a securable to a principal (such as deciding what a person is permitted to do)
- Can be implemented by assigning a principal to a role that already has permissions
- Implemented via GRANT, DENY, or REVOKE statements for permissions on database objects

Granting Access to Databases
Logins gain access to databases by the creation of Database Users
Create Database Users via:
- Object Explorer option in SSMS
- T-SQL CREATE USER statement

    CREATE USER SecureUser FOR LOGIN SecureUser;
    GO
    CREATE USER Student FOR LOGIN [AdventureWorks\Student];
    GO
    CREATE USER HRApp FOR LOGIN HRUser;
    GO

Managing dbo and guest Access
dbo
- The sa login and members of the sysadmin role are mapped to the dbo account, along with the database owner
guest
- This user account allows logins without user accounts to access a database
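Added example (not part of the course material): Lesson 2's authorization statements carried through in T-SQL, ending with a check of whether guest can enter the database. SalesReaders, dbo.Customers and dbo.CustomerCredit are hypothetical names; SecureUser is the database user from the "Granting Access to Databases" slide.

```sql
-- Added example. Run in a scratch user database where the SecureUser
-- database user exists. Table and role names are hypothetical.
CREATE TABLE dbo.Customers      (CustomerID int PRIMARY KEY, Name nvarchar(100));
CREATE TABLE dbo.CustomerCredit (CustomerID int PRIMARY KEY, CreditLimit money);
GO

-- Authorization by assigning the principal to a role that holds the permission.
CREATE ROLE SalesReaders;
GRANT SELECT ON SCHEMA::dbo TO SalesReaders;
-- sp_addrolemember works on older versions as well;
-- ALTER ROLE ... ADD MEMBER is the SQL Server 2012 and later form.
EXEC sp_addrolemember @rolename = 'SalesReaders', @membername = 'SecureUser';
GO

-- DENY on one object takes precedence over the GRANT inherited from the role.
DENY SELECT ON OBJECT::dbo.CustomerCredit TO SecureUser;
GO

-- Check the effective permissions while impersonating the database user.
EXECUTE AS USER = 'SecureUser';
SELECT HAS_PERMS_BY_NAME('dbo.Customers',      'OBJECT', 'SELECT') AS can_read_customers,
       HAS_PERMS_BY_NAME('dbo.CustomerCredit', 'OBJECT', 'SELECT') AS can_read_credit;
REVERT;
GO

-- REVOKE removes the DENY, so the role's GRANT applies again.
REVOKE SELECT ON OBJECT::dbo.CustomerCredit FROM SecureUser;
GO

-- guest: logins without a user account can enter only while guest holds CONNECT.
SELECT pr.name, pe.permission_name, pe.state_desc
FROM   sys.database_permissions AS pe
JOIN   sys.database_principals  AS pr
       ON pr.principal_id = pe.grantee_principal_id
WHERE  pr.name = 'guest'
  AND  pe.permission_name = 'CONNECT';
GO

-- Close that path in a user database.
-- guest must stay enabled in master and tempdb.
REVOKE CONNECT FROM guest;
GO
```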

Demonstration 2A: Authorizing Logins and User Tokens
In this demonstration you will see:
- How to create database users using T-SQL
- How to create database users using the GUI
- How to view existing database principals
- How to view user tokens

Lesson 3: Authorization Across Servers
- Typical "Double-Hop" Problem
- Impersonation vs. Delegation
- Working with Mismatched Security IDs

Typical "Double-Hop" Problem
1. User identity presented to the application
2. User identity OK because the application process impersonates the user
3. Delegation is not permitted. Identity of the service account used instead of the identity of the user
4. Database access disallowed because of incorrect identity
(Diagram labels: Web Server, DB Server)

Impersonation vs. Delegation
Commonly mistaken for each other
Impersonation
- Ability to impersonate a user on the local machine
Delegation
- Ability to impersonate a user across the network

Working with Mismatched Security IDs
Logins and Database Users
- Both have names
- Both have security identifiers called SIDs
By default, SQL Server Logins receive new SIDs when created
- Occurs even if name and password are identical
- SIDs for Windows logins provided by Windows
Common problem occurs when restoring or attaching databases from another instance
Two methods for fixing the problem
- Specify SID when creating the login (best option)
- Fix the login SID in the database after restore
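Added example (not part of the course material): T-SQL that finds database users whose SID matches no login on the instance, then applies each of the two fixes listed above. HRApp and HRUser are the user and login from the "Granting Access to Databases" slide; the SID value and password are constructed placeholders.

```sql
-- Added example. The SID literal and password below are placeholders.

-- 1. In the restored or attached database: SQL users whose SID matches no
--    login on this instance. Users created WITHOUT LOGIN also appear here.
SELECT  dp.name AS database_user,
        dp.sid  AS user_sid
FROM    sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
        ON sp.sid = dp.sid
WHERE   dp.type = 'S'           -- SQL user; Windows users carry Windows SIDs
  AND   dp.principal_id > 4     -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND   sp.sid IS NULL;
GO

-- 2a. Best option: create the login with the SID it had on the source instance.
--     On the source instance, read the SID:
SELECT  name, sid
FROM    sys.sql_logins
WHERE   name = 'HRUser';
GO
--     On the destination instance, before restoring, create the login with it:
CREATE LOGIN HRUser
    WITH PASSWORD = '<replace-with-password>',
         SID = 0x0123456789ABCDEF0123456789ABCDEF;  -- paste the source SID here
GO

-- 2b. Alternative: the login already exists with a different SID, so remap
--     the database user to it after the restore.
ALTER USER HRApp WITH LOGIN = HRUser;
GO

-- 3. Confirm that the user and the login now share a SID.
SELECT  dp.name AS database_user,
        sp.name AS login_name,
        dp.sid
FROM    sys.database_principals AS dp
JOIN    sys.server_principals   AS sp
        ON sp.sid = dp.sid
WHERE   dp.name = 'HRApp';
GO
```

Steps 2a and 2b are alternatives: use 2a when the login does not yet exist on the destination, 2b when it already does.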

Demonstration 3A: Working with Mismatched SIDs
In this demonstration, you will see how to correct an issue with mismatched SIDs.

Lab 9: Authenticating and Authorizing Users
- Exercise 1: Create Logins
- Exercise 2: Correct an Application Login Issue
- Exercise 3: Create Database Users
- Challenge Exercise 4: Correct Access to Restored Database (Only if time permits)
Logon information
Estimated time: 45 minutes

Lab Scenario
You need to configure the security for the Marketing database prior to the business accessing the system. You need to configure security so that organizational users are able to connect to SQL Server but are only able to access resources that they are permitted to access. Most users will connect using their Windows group credentials. Some users, however, will need to use individual Windows logins. An application requires the use of a SQL Server login. If you have time, there is a problem with the LanguageDetails database that you should try to solve.
Note: the changes you make will later be migrated to the production environment. You should use T-SQL commands to implement the required changes.

Lab Review
- What is a common scenario that requires account policy to be disabled for a SQL Server login?
- What sort of login needs to be created for users in a Windows domain if that domain is not trusted by the domain that the SQL Server is part of?

Module Review and Takeaways
- Review Questions
- Best Practices