Access, Users, Permissions

Presentation on theme: "Access, Users, Permissions"— Presentation transcript:

1 Access, Users, Permissions
SQL Server Access, Users, Permissions

2 Introduction
Name: Dummea Vincent
Job: SQL Server DBA
LinkedIn: vincent-1936b811
Blog:
A little about myself… This is my first SQLSaturday presentation, so your feedback is definitely welcome. I am currently seeking my master's degree at University of Maryland University College in database systems (more so the Oracle database system).

3 Objectives/Topics
Server Level: 2 different Server Authentication; The different server Roles; Creating Logins
Database Level: Database Roles; Creating Database users; Manipulating Permissions
Tables, SPs, and lower levels
Q&A
This session will cover the very basics of SQL Server, so FYI, if you are not a beginner I don't want to waste your time. These are the topics we will be going over today. We will start at the top, with instance-level permissions and access, and then work our way down.

4 Server Permission
I apologize for the blacked-out words, but the screenshots are taken from my work test server, so I cannot compromise our security. This page is the server properties page. How do you get here? Right-click on the instance name and then click Properties, just like in any Microsoft program. The word SECURITY will be a recurring theme in SQL Server; when in doubt, go to Security for anything to do with access or permissions. The server authentication mode can be set while installing the instance, but it can also be changed on this page.

5 The Server Roles
bulkadmin, dbcreator, diskadmin, processadmin, public, securityadmin, serveradmin, setupadmin, sysadmin
The server roles, and also the database roles which I will go over in a later slide, are pretty much self-explanatory. The names say exactly what each role does.

6 Creating Windows Login
Creating a WINDOWS login via GUI. Microsoft provides 2 different ways a DBA can accomplish tasks in SQL Server. One is via the GUI (graphical user interface) and the other is via the T-SQL language. This shows the GUI way of creating a login. You scroll down to the SECURITY folder, expand it, right-click on Logins and click 'New Login.' Now you can either create a 'WINDOWS' login, which does not require a password, or a 'SQL SERVER' login, which does require a password. A nice thing about the GUI is that you can script out almost everything, and it will script it out in T-SQL form.

7 Creating Windows Login Cont…
Creating a WINDOWS login via T-SQL

8 Creating SQL Server Login
Creating a SQL SERVER login via GUI

9 Creating SQL Server Login Cont…
Scripting out a login

10 Creating SQL Server login via T-SQL

11 -- Syntax for SQL Server
CREATE LOGIN login_name { WITH <option_list1> | FROM <sources> }

<option_list1> ::=
    PASSWORD = { 'password' | hashed_password HASHED } [ MUST_CHANGE ]
    [ , <option_list2> [ ,... ] ]

<option_list2> ::=
    SID = sid
    | DEFAULT_DATABASE = database
    | DEFAULT_LANGUAGE = language
    | CHECK_EXPIRATION = { ON | OFF}
    | CHECK_POLICY = { ON | OFF}
    | CREDENTIAL = credential_name

<sources> ::=
    WINDOWS [ WITH <windows_options>[ ,... ] ]
    | CERTIFICATE certname
    | ASYMMETRIC KEY asym_key_name

<windows_options> ::=
    DEFAULT_DATABASE = database
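
The syntax above applied to both login types, followed by an audit of SQL Server logins that bypass the password policy. This is an added example, not a script from the original slides; the login names reuse DOMAIN\JrDBAs, sqlsaturday1 and PROD from elsewhere in the deck as placeholders, and the password is a placeholder to be replaced.

```sql
-- Added example: principals and the password are placeholders (assumptions).
-- Run in SSMS or sqlcmd as a member of securityadmin or sysadmin.

-- 1 = Windows Authentication only, 0 = mixed mode. In Windows-only mode a
-- SQL Server login can be created but cannot be used to connect.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;
GO

-- Windows login: authentication is delegated to Windows/Active Directory,
-- so SQL Server stores no password for it.
CREATE LOGIN [DOMAIN\JrDBAs] FROM WINDOWS
    WITH DEFAULT_DATABASE = [master];
GO

-- SQL Server login: SQL Server stores the password hash itself.
-- MUST_CHANGE is only accepted when CHECK_EXPIRATION and CHECK_POLICY are ON.
-- Assumes the PROD database already exists.
CREATE LOGIN [sqlsaturday1]
    WITH PASSWORD = '<replace-with-strong-password>' MUST_CHANGE,
         DEFAULT_DATABASE = [PROD],
         CHECK_EXPIRATION = ON,
         CHECK_POLICY = ON;
GO

-- Audit: SQL logins that skip the Windows password policy or expiration,
-- plus their disabled and locked-out status.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       is_disabled,
       LOGINPROPERTY(name, 'IsLocked') AS is_locked,
       create_date,
       modify_date
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0
ORDER BY name;
```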

12 This is still the New Login page, which is also the login properties page. After creating the new login, you can go through each tab to make changes. On this page you can assign server roles.

13 This page is the User Mapping page
You can map a login to one or multiple databases. A login can be given access to both the instance and the databases, but a database user can only access database-level permissions. As you can see, I assigned sqlsaturday1 to the PROD database, so now under the PROD users tab you can see sqlsaturday1 listed as one of the users.

14 This is the Securables page
Securables are anything on which permissions can be granted. So basically anything from the database, through the schema, down to the objects.

15 This final page is self-explanatory
It shows the status of the login, and here you can deny access to a login, disable the login, or, if the user is locked out, see that here.

16 A login can be given access to both the instance and the databases, but a database user can only access database level permissions.

17 Database Roles
db_accessadmin, db_backupoperator, db_datareader, db_datawriter, db_ddladmin, db_denydatareader, db_denydatawriter, db_owner, db_securityadmin, public
You can create additional database roles, but I would not recommend creating new server roles unless it is really necessary. Let's say, for example, a request came in to add 15 users to a specific database and to grant them only permission to SELECT on 4 tables and EXECUTE the stored procedures. If you want a hard life, you can do each user individually, but if you want to make your life easy, kick it back to the requestor and suggest that you create a role that has permission to SELECT on the 4 tables and EXECUTE the stored procedures. Then you can assign that role to the 15 users.

18 Creating a New Database Role
Here is how you would create a database role, either via the GUI or T-SQL. You should start noticing a pattern: from server level to database level the actions are the same and the syntax is similar.
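
The 15-user request from the Database Roles slide, written as T-SQL. This is an added example, not the script shown on the original slide; the role name, the four table names and the rpt schema are hypothetical, while PROD and sqlsaturday1 come from the deck and are assumed to exist already.

```sql
-- Added example: ReportingReaders, the dbo tables and the rpt schema are
-- hypothetical names. sqlsaturday1 is assumed to be a user in PROD already.
USE [PROD];
GO

-- One role carries the permission set; the 15 users only become members.
CREATE ROLE [ReportingReaders] AUTHORIZATION [dbo];
GO

-- SELECT on exactly the four requested tables, nothing broader.
GRANT SELECT ON OBJECT::dbo.Customers  TO [ReportingReaders];
GRANT SELECT ON OBJECT::dbo.Orders     TO [ReportingReaders];
GRANT SELECT ON OBJECT::dbo.OrderLines TO [ReportingReaders];
GRANT SELECT ON OBJECT::dbo.Products   TO [ReportingReaders];

-- EXECUTE on the procedures (and scalar functions) of one schema. Assumption:
-- they live in a dedicated schema; otherwise grant EXECUTE per procedure.
GRANT EXECUTE ON SCHEMA::rpt TO [ReportingReaders];
GO

-- Repeat for each of the 15 users.
ALTER ROLE [ReportingReaders] ADD MEMBER [sqlsaturday1];
GO

-- Review what the role can do ...
SELECT pr.name AS role_name, pe.state_desc, pe.permission_name, pe.class_desc,
       CASE pe.class
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'ReportingReaders';

-- ... and who is in it.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'ReportingReaders';
```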

19 Creating Database Users
Now there are several types of users that you can create in a database. We will concentrate on creating a user with login because that is what is mostly used.

20 2 USERS, 1 LOGIN
You can associate multiple users with one login as long as each user is in a different database. But doing so would be pointless because once both users log in, they can access each other's database.
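
One login mapped to a differently named user in a second database, followed by a per-database review of which login each user maps to. This is an added example, not part of the original slides; the PROD_ARCHIVE database and the archive_reader user name are hypothetical, and the sqlsaturday1 login comes from the deck.

```sql
-- Added example: [PROD_ARCHIVE] and archive_reader are hypothetical names.
-- The login sqlsaturday1 is assumed to exist at the instance level.

-- Second database, different user name, same login. Within a single
-- database a login can be mapped to only one user.
USE [PROD_ARCHIVE];
GO
CREATE USER [archive_reader] FOR LOGIN [sqlsaturday1];
GO

-- Run in each database: list SQL users and the login each one maps to.
-- The mapping is by SID, not by name, so archive_reader shows sqlsaturday1.
-- A row with server_login = NULL is an orphaned user: its login was dropped
-- or the database was restored from another instance.
SELECT DB_NAME()      AS database_name,
       dp.name        AS database_user,
       dp.type_desc,
       sp.name        AS server_login,
       sp.is_disabled AS login_disabled
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
WHERE dp.type = 'S'                              -- SQL users
  AND dp.authentication_type_desc = 'INSTANCE'   -- users created FOR LOGIN
  AND dp.principal_id > 4                        -- skip dbo, guest, INFORMATION_SCHEMA, sys
ORDER BY dp.name;
```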

21 Granting permissions on a database
This is the database properties page, and although I did not go through each tab, the only tab associated with security or access is the Permissions tab.

22 Granting permissions on a Schema

23 Granting permissions on a Table

24 Granting permissions on a stored procedure
If you noticed while I went through the slides, the blue underlined "view ……" link leads you to the next permission level, so there is no need to click out of here. You can manage all levels of permissions in the same location. To go back to the lower-level permission, just click Cancel.

25 Q1
You are the lead database administrator (DBA) of a Microsoft SQL Server 2012 environment. All DBAs are members of the DOMAIN\JrDBAs Active Directory group. You grant DOMAIN\JrDBAs access to the SQL Server. You need to create a server role named SpecialDBARole that can perform the following functions:
* View all databases.
* View the server state.
* Assign GRANT, DENY, and REVOKE permissions on logins.
You need to add DOMAIN\JrDBAs to the server role. You also need to provide the least level of privileges necessary. Which SQL statement or statements should you use? Choose all that apply.
A. CREATE SERVER ROLE [SpecialDBARole] AUTHORIZATION setupadmin;
B. ALTER SERVER ROLE [SpecialDBARole] ADD MEMBER [DOMAIN\JrDBAs];
C. CREATE SERVER ROLE [SpecialDBARole] AUTHORIZATION securityadmin;
D. GRANT VIEW DEFINITION TO [SpecialDBARole];
E. CREATE SERVER ROLE [SpecialDBARole] AUTHORIZATION serveradmin;
F. GRANT VIEW SERVER STATE, VIEW ANY DATABASE TO [SpecialDBARole];
Answers are BCF.

26 Q2
You develop three Microsoft SQL Server databases named Database1, Database2, and Database3. You have permissions on both Database1 and Database2. You plan to write and deploy a stored procedure named dbo.usp_InsertEvent in Database3. dbo.usp_InsertEvent must execute other stored procedures in the other databases. You need to ensure that callers that do not have permissions on Database1 or Database2 can execute the stored procedure. Which Transact-SQL statement should you use?
A. USE Database2
B. EXECUTE AS OWNER
C. USE Database1
D. EXECUTE AS CALLER
Answer is B.

27 Q3
You administer a Microsoft SQL Server database that has multiple tables in the Sales schema. Some users must be prevented from deleting records in any of the tables in the Sales schema. You need to manage users who are prevented from deleting records in the Sales schema. You need to achieve this goal by using the minimum amount of administrative effort. What should you do?
A. Create a custom database role that includes the users. Deny Delete permissions on the Sales schema for the custom database role.
B. Include the Sales schema as an owned schema for the db_denydatawriter role. Add the users to the db_denydatawriter role.
C. Deny Delete permissions on each table in the Sales schema for each user.
D. Create a custom database role that includes the users. Deny Delete permissions on each table in the Sales schema for the custom database role.
Answer is A.

