Module 11 Authorizing Users to Access Resources. Module Overview Authorizing User Access to Objects Authorizing Users to Execute Code Configuring Permissions.


Module 11 Authorizing Users to Access Resources

Module Overview
- Authorizing User Access to Objects
- Authorizing Users to Execute Code
- Configuring Permissions at the Schema Level

Lesson 1: Authorizing User Access to Objects
- What Are Principals?
- What Are Securables?
- GRANT, REVOKE, DENY
- Securing Tables and Views
- Column-level Security
- WITH GRANT Option
- Demonstration 1A: Authorizing User Access to Objects

What Are Principals?
Principals are the entities that can be granted permissions on securables. They exist at three levels:
- Windows-level principals: Domain User Account, Local User Account, Windows Group
- SQL Server-level principals: SQL Server Login, Server Role
- Database-level principals: Database User, Database Role, Application Role
(Slide diagram: Principals are granted Permissions on Securables.)

What Are Securables?
- Securables are the resources that can be secured
- Securables are contained within scopes:
  - Server
  - Database
  - Schema

GRANT, REVOKE, DENY
- GRANT is used to assign a permission
- DENY is used to explicitly deny a permission
  - Used where permissions are inherited through group or role membership
  - Should only be used in exceptional circumstances
- REVOKE removes either a GRANT or a DENY

Securing Tables and Views
Several object permissions apply to tables and views:
- SELECT
- INSERT, UPDATE, DELETE
- REFERENCES

The two GRANT statements below are equivalent; OBJECT:: is the default securable class and may be omitted.

    USE MarketDev;
    GO
    GRANT SELECT ON OBJECT::Marketing.Salesperson TO HRApp;
    GO
    GRANT SELECT ON Marketing.Salesperson TO HRApp;
    GO

Column-level Security
- Permissions can be assigned at the column level
- Multiple column permissions can be assigned in a single statement
- A column-level GRANT overrides a table-level DENY

    GRANT SELECT ON Marketing.Salesperson (SalespersonID, Alias) TO James;
    GO
    DENY SELECT ON Marketing.Salesperson TO Holly;
    GO
    GRANT SELECT ON Marketing.Salesperson (SalespersonID, FirstName, LastName) TO Holly;
    GO

WITH GRANT Option
- Permissions granted WITH GRANT OPTION can be granted to other principals by the grantee
- CASCADE is used to also revoke permissions granted by the grantee
  - Can apply to DENY also

    GRANT UPDATE ON Marketing.Salesperson TO James WITH GRANT OPTION;
    GO
    REVOKE UPDATE ON Marketing.Salesperson FROM James CASCADE;
    GO
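The three slides above (DENY versus column-level GRANT, delegation with WITH GRANT OPTION, and REVOKE ... CASCADE) as one runnable T-SQL script. This is an added example, not code from the course deck; it assumes the course's MarketDev database and Marketing.Salesperson table (with the columns shown on the slides) exist, and creates the two users itself so the checks can be run with EXECUTE AS.

```sql
-- Added example (not from the course deck). Assumes MarketDev and
-- Marketing.Salesperson exist; James and Holly are created here as login-less users.
USE MarketDev;
GO
CREATE USER James WITHOUT LOGIN;
CREATE USER Holly WITHOUT LOGIN;
GO
-- Table-level DENY for Holly, then a narrower column-level GRANT
DENY SELECT ON Marketing.Salesperson TO Holly;
GRANT SELECT ON Marketing.Salesperson (SalespersonID, FirstName, LastName) TO Holly;
GO
-- Check the effective permission by impersonating Holly (1 = allowed, 0 = not).
-- Whole-table SELECT, a column outside the GRANT, and a column inside it are
-- checked separately, so the DENY/GRANT interaction is visible per column.
EXECUTE AS USER = 'Holly';
SELECT HAS_PERMS_BY_NAME('Marketing.Salesperson', 'OBJECT', 'SELECT') AS WholeTable,
       HAS_PERMS_BY_NAME('Marketing.Salesperson', 'OBJECT', 'SELECT', 'Alias', 'COLUMN') AS AliasColumn,
       HAS_PERMS_BY_NAME('Marketing.Salesperson', 'OBJECT', 'SELECT', 'LastName', 'COLUMN') AS LastNameColumn;
REVERT;
GO
-- Delegation: James receives UPDATE and may pass it on to others
GRANT UPDATE ON Marketing.Salesperson TO James WITH GRANT OPTION;
GO
EXECUTE AS USER = 'James';
GRANT UPDATE ON Marketing.Salesperson TO Holly;   -- allowed only because of WITH GRANT OPTION
REVERT;
GO
-- Audit the grants on the table: who granted what to whom, and at which column
SELECT USER_NAME(grantee_principal_id) AS grantee,
       USER_NAME(grantor_principal_id) AS grantor,
       permission_name, state_desc,
       COL_NAME(major_id, minor_id) AS column_name   -- NULL for table-level rows
FROM sys.database_permissions
WHERE class = 1 AND major_id = OBJECT_ID('Marketing.Salesperson');
GO
-- CASCADE is required here because James holds the permission WITH GRANT OPTION;
-- it also removes the UPDATE that James granted to Holly.
REVOKE UPDATE ON Marketing.Salesperson FROM James CASCADE;
GO
```

Re-run the sys.database_permissions query after the REVOKE to confirm that both James's and Holly's UPDATE rows are gone while Holly's column-level SELECT rows remain.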

Demonstration 1A: Authorizing User Access to Objects
In this demonstration, you will see:
- How to view the complete list of server principals
- How to view the complete list of database principals
- How to grant permissions on a table
- How to grant permissions at the column level

Lesson 2: Authorizing Users to Execute Code
- Securing Stored Procedures
- Securing User-defined Functions
- Securing Managed Code
- Managing Ownership Chains
- Demonstration 2A: Authorizing Users to Execute Code

Securing Stored Procedures
Stored procedures require:
- EXECUTE permission before they can be called
- ALTER permission for modification
- VIEW DEFINITION for documentation access

    USE MarketDev;
    GO
    GRANT EXECUTE ON Reports.GetProductColors TO Mod11User;
    GO

Securing User-defined Functions
- Users require EXECUTE permission before using scalar UDFs
- Users require SELECT permission for table-valued functions (TVFs)
- REFERENCES permission is required when a function is used in CHECK constraints, DEFAULT values or computed columns

    GRANT EXECUTE ON dbo.FormatPhoneNumber TO public;
    GO

Securing Managed Code
- SQL CLR based code has additional permission requirements above those required for T-SQL code
- CLR assemblies are registered with one of three permission sets:
  - SAFE (the default)
  - EXTERNAL_ACCESS
  - UNSAFE
- EXTERNAL_ACCESS and UNSAFE permission sets require additional configuration on the database
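The "additional configuration" for an EXTERNAL_ACCESS assembly, shown as an added example rather than course code. It assumes two compiled assemblies at placeholder paths; the key, login and assembly names are constructed. The TRUSTWORTHY route is shown commented out because it trusts every impersonation context in the database, which is a known escalation path when the database owner is a sysadmin, and the asymmetric-key route is the one to prefer.

```sql
-- Added example (not from the course deck). File paths and names are placeholders.
-- CLR execution must be enabled at the instance level before any assembly runs.
EXEC sp_configure 'clr enabled', 1;
RECONFIGURE;
GO
USE MarketDev;
GO
-- SAFE needs nothing beyond CREATE ASSEMBLY permission in the database
CREATE ASSEMBLY SafeHelpers
    FROM 'C:\Assemblies\SafeHelpers.dll'            -- placeholder path
    WITH PERMISSION_SET = SAFE;
GO
-- Weak option (left disabled): TRUSTWORTHY makes the whole database a trusted
-- source of code and impersonation, not just this one assembly.
-- ALTER DATABASE MarketDev SET TRUSTWORTHY ON;

-- Preferred option: derive a login from the assembly's strong-name key and
-- authorize only that login for EXTERNAL ACCESS ASSEMBLY.
USE master;
GO
CREATE ASYMMETRIC KEY ExternalHelpersKey
    FROM EXECUTABLE FILE = 'C:\Assemblies\ExternalHelpers.dll';   -- placeholder path
CREATE LOGIN ExternalHelpersLogin FROM ASYMMETRIC KEY ExternalHelpersKey;
GRANT EXTERNAL ACCESS ASSEMBLY TO ExternalHelpersLogin;
GO
USE MarketDev;
GO
-- Registration now succeeds because the assembly is signed with the trusted key
CREATE ASSEMBLY ExternalHelpers
    FROM 'C:\Assemblies\ExternalHelpers.dll'         -- placeholder path
    WITH PERMISSION_SET = EXTERNAL_ACCESS;
GO
-- Review what is registered and under which permission set
SELECT name, permission_set_desc, USER_NAME(principal_id) AS owner
FROM sys.assemblies
WHERE is_user_defined = 1;
GO
```

The same pattern applies to UNSAFE, with GRANT UNSAFE ASSEMBLY in place of GRANT EXTERNAL ACCESS ASSEMBLY.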

Managing Ownership Chains
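Ownership chaining, which the slide names but whose diagram did not survive extraction, shown as an added T-SQL example (not course code). It assumes the MarketDev database exists; the tables, procedures and users are constructed here. When a procedure and the table it reads share an owner, only EXECUTE on the procedure is checked; when the owners differ, the caller's own SELECT permission on the table is checked as well.

```sql
-- Added example (not from the course deck). All objects and users are constructed.
USE MarketDev;
GO
CREATE USER Mod11User WITHOUT LOGIN;
CREATE USER AuditOwner WITHOUT LOGIN;
GO
-- Unbroken chain: procedure and table are both owned by dbo (via the dbo schema)
CREATE TABLE dbo.ProductColor (ProductID int, Color nvarchar(20));
INSERT INTO dbo.ProductColor VALUES (1, N'Red');
GO
CREATE PROCEDURE dbo.GetProductColors AS
    SELECT ProductID, Color FROM dbo.ProductColor;
GO
GRANT EXECUTE ON dbo.GetProductColors TO Mod11User;   -- no SELECT on the table
GO
-- Broken chain: same schema, but the table's owner is changed explicitly
CREATE TABLE dbo.SalesAudit (Id int);
ALTER AUTHORIZATION ON OBJECT::dbo.SalesAudit TO AuditOwner;
GO
CREATE PROCEDURE dbo.GetSalesAudit AS
    SELECT Id FROM dbo.SalesAudit;
GO
GRANT EXECUTE ON dbo.GetSalesAudit TO Mod11User;
GO
-- Run both as Mod11User; TRY/CATCH keeps the batch alive past the permission error
EXECUTE AS USER = 'Mod11User';
-- Direct read permission on the underlying table (1 = allowed, 0 = not)
SELECT HAS_PERMS_BY_NAME('dbo.ProductColor', 'OBJECT', 'SELECT') AS DirectReadOnProductColor;
BEGIN TRY
    EXEC dbo.GetProductColors;      -- unbroken chain: SELECT on the table is not checked
END TRY
BEGIN CATCH
    SELECT 'GetProductColors: ' + ERROR_MESSAGE() AS Outcome;
END CATCH;
BEGIN TRY
    EXEC dbo.GetSalesAudit;         -- broken chain: SELECT on dbo.SalesAudit is checked
END TRY
BEGIN CATCH
    SELECT 'GetSalesAudit: ' + ERROR_MESSAGE() AS Outcome;
END CATCH;
REVERT;
GO
```

Granting Mod11User SELECT on dbo.SalesAudit, or moving its ownership back to dbo with ALTER AUTHORIZATION ... TO SCHEMA OWNER, repairs the second call; the first needs nothing beyond EXECUTE.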

Demonstration 2A: Authorizing Users to Execute Code
In this demonstration, you will see:
- How to assign permission to execute stored procedures
- How to assign permissions for executing functions

Lesson 3: Configuring Permissions at the Schema Level
- Overview of User-schema Separation
- Object Name Resolution
- Granting Permissions at the Schema Level
- Demonstration 3A: Configuring Permissions at the Schema Level

Overview of User-schema Separation
Schemas:
- Concept changed in SQL Server 2005
- No longer equivalent to database users
- Containers for database objects
- Created via CREATE SCHEMA
- Listed by querying the sys.schemas view
Users have default schemas.
Built-in schemas:
- dbo
- guest
- sys
- INFORMATION_SCHEMA

Object Name Resolution
If the schema name is omitted, rules apply to how the name will be resolved:
- Each user has a default schema (does not apply to Windows groups)
- Users with no defined default schema will have dbo as their default schema
- First search is in the user's default schema
- If not found, the dbo schema is searched also
Whenever referencing an object in a statement, users should specify both the schema and the object name:

    SELECT ProductID FROM Production.Product

Granting Permissions at the Schema Level
Instead of assigning individual permissions on tables, views, stored procedures, etc., permissions can be granted at the schema level:
- Applicable to all relevant objects within the schema
- Easier to manage

    USE MarketDev;
    GO
    GRANT EXECUTE ON SCHEMA::Marketing TO Mod11User;
    GO
    GRANT SELECT ON SCHEMA::DirectMarketing TO Mod11User;
    GO
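Name resolution and schema-level covering permissions from the two slides above, as an added T-SQL example (not course code). It assumes the MarketDev database exists; the Production schema, the two tables named Product, and the users are constructed so that the same one-part name resolves differently for two users, and so that fn_my_permissions can show a table-level SELECT that was never granted on the table itself.

```sql
-- Added example (not from the course deck). Schemas, tables and users are constructed.
USE MarketDev;
GO
CREATE SCHEMA Production;
GO
-- Two tables with the same name in different schemas
CREATE TABLE dbo.Product        (ProductID int, Source nvarchar(10));
CREATE TABLE Production.Product (ProductID int, Source nvarchar(10));
INSERT INTO dbo.Product        VALUES (1, N'dbo');
INSERT INTO Production.Product VALUES (1, N'Production');
GO
-- ReportUser defaults to Production; LegacyUser gets dbo because none is set
CREATE USER ReportUser WITHOUT LOGIN WITH DEFAULT_SCHEMA = Production;
CREATE USER LegacyUser WITHOUT LOGIN;
GO
-- One schema-level GRANT covers every table and view in Production, present and future
GRANT SELECT ON SCHEMA::Production TO ReportUser;
GRANT SELECT ON dbo.Product TO LegacyUser;
GO
EXECUTE AS USER = 'ReportUser';
SELECT Source FROM Product;               -- one-part name: resolved in the default schema, Production
SELECT Source FROM Production.Product;    -- two-part name: unambiguous regardless of default schema
-- Covering permission: the schema-level grant appears as object-level SELECT here,
-- although no GRANT was ever issued on the table itself
SELECT permission_name FROM fn_my_permissions('Production.Product', 'OBJECT');
REVERT;
GO
EXECUTE AS USER = 'LegacyUser';
SELECT Source FROM Product;               -- same one-part name, resolved in dbo instead
REVERT;
GO
-- A table created later in the schema is covered by the existing schema-level grant
CREATE TABLE Production.ProductColor (ProductID int, Color nvarchar(20));
GO
EXECUTE AS USER = 'ReportUser';
SELECT HAS_PERMS_BY_NAME('Production.ProductColor', 'OBJECT', 'SELECT') AS CoveredByScheme;
REVERT;
GO
```

Compare the Source column returned by the two one-part-name queries: the text differs only because the default schema differs, which is why the slide recommends always writing the schema name.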

Demonstration 3A: Configuring Permissions at the Schema Level
In this demonstration, you will see how to:
- Revoke permissions on a stored procedure
- Assign EXECUTE permission at the schema level
- Assign SELECT permission at the schema level
- Explore covering or implied permissions

Lab 11: Authorizing Users to Access Resources
- Exercise 1: Assign Schema-level Permissions
- Exercise 2: Assign Object-level Permissions
- Challenge Exercise 3: Test Permissions (Only if time permits)
Estimated time: 45 minutes

Lab Scenario
You have created the SQL Server logins and database users and assigned them to appropriate roles. You now need to grant permissions to the database users and roles so that users can access the resources they need within the MarketDev database, based on the supplied security requirements.

Lab Review
- What makes fixed database roles of limited usefulness for most practical security architectures?
- When should permissions be assigned directly to a user?

Module Review and Takeaways
- Review Questions
- Best Practices