Presentation is loading. Please wait.

Presentation is loading. Please wait.

Designing Database Solutions for SQL Server

Published byMargaret May Modified over 5 years ago

Similar presentations

Presentation on theme: "Designing Database Solutions for SQL Server"— Presentation transcript:

1 Designing Database Solutions for SQL Server
Christian Bolton | Technical Director, Coeo Graeme Malcolm | Microsoft

2 Course Topics Designing Database Solutions for SQL Server
01 | Managing a SQL Server Environment 02 | Designing Database Security 03 | Designing a Backup & Recovery Solution 04 | Designing a High-Availability Solution 05 | Troubleshooting & Maintaining a database

3 Christian Bolton | Technical Director, Coeo Graeme Malcolm | Microsoft
02 | Designing Database Security Christian Bolton | Technical Director, Coeo Graeme Malcolm | Microsoft

4 Module Overview Introduction to SQL Server Security
Managing Server-Level Security Managing Database-Level Principals Managing Database Permissions Encryption methods and scenarios

5 Introduction to SQL Server Security
Securables Objects to which access must be secured Principals Security identities that access securables and perform actions Permissions The actions principals can perform on securable Principal Permissions Securable

6 SQL Server Securables SQL Server Instance Server-level objects
Database Schema Objects Server-level objects Database-level objects

7 SQL Server Principals SQL Server Instance Windows User Database
User name & Password Windows Login SQL Server Login Authenticated by SQL Server Windows Global Group Server Role Database Database User Windows Local Group Database Role Application Role Contained Database Authenticated by SQL Server Database User Authenticated by Windows Database Role Application Role

8 SQL Server Permissions
Server-Level Server Role Login GRANT assigns a permission Inherited permissions are cumulative unless denied DENY explicitly denies a permission Use to override inherited permissions REVOKE removes a GRANT or DENY Database-Level Database Role Application Role User Objects Schema

9 Managing Server-Level Security
Trusted Server Application Security Model SQL Server User Application User accesses application Application uses its own credentials SQL Server access is based on application identity

10 Managing Server-Level Security
Impersonation/Delegation Security Model SQL Server User Application User accesses application Application impersonates user SQL Server access is based on user identity

11 SQL Server Authentication Options
Authentication is the process of verifying that an identity is valid: Windows authentication – only users authenticated by Windows can connect Mixed authentication – users authenticated by Windows or SQL Server can connect

12 Managing Server-Level Roles
All server-level principals are members of the public server role Assign logins to fixed server-level roles to delegate administrative tasks Create user-defined server roles if fixed roles don’t meet your needs

13 Managing-Server Security

14 Managing Database Users
Logins cannot access a database to which they have not been granted access Grant access to a login by creating a database user for it

15 Managing dbo and guest access
dbo database user sa login, members of sysadmin role, and owner of the database map to the dbo account Guest database user Enables logins without user accounts to access a database Disabled by default in user databases Enabled by using the GRANT CONNECT statement

16 Database Ownership Like other objects, databases have owners
A database owner will default to the user who created it This user will map to the dbo user Don’t have databases owned by user accounts

17 Managing Database-Level Roles
Assign users to fixed database-level roles to grant common permissions Create user-defined roles for finer-grained permissions management

18 Managing Application Roles
Use an application role to switch security context Often used for tasks that require elevated privileges Create an application role with a password Activate and deactivate an application role CREATE APPLICATION ROLE sales_supervisor WITH PASSWORD = 'Pa$$w0rd'; EXEC sp_setapprole 'sales_supervisor', 'Pa$$w0rd', @fCreateCookie = true, @cookie OUTPUT;   ...  EXEC

19 Using an Application Role

20 Managing Database Permissions
Statement Permission Govern DDL Object Permissions Govern DDL and DML GRANT CREATE TABLE TO db_dev; GRANT ALTER ANY ROLE, ALTER ANY USER TO sales_admin; GRANT ALTER APPLICATION ROLE::sales_supervisor TO sales_admin; GRANT SELECT ON OBJECT::dbo.ProductCategory TO product_reader; GRANT SELECT ON dbo.Product

21 Table and View Permission
SELECT INSERT UPDATE DELETE REFERENCES Use column-level permissions for finer-grained control

22 Ownership Chains dbo.View1 (User2) dbo.Table1 (User2) User 1 dbo.View2 (User2) dbo.Table2 (User3) When dependent objects are owned by the same user, only permissions at the top-level object are required When there is a break in the ownership chain, dependent object permissions are required

23 Database Encryption Service Master Key (SMK) Database Master Key (DMK)
DPAPI (Windows) master User DB SMK master DMK Server certificate DEK Service Master Key (SMK) Created during SQL Server Installation Database Master Key (DMK) Created in master database Encrypted by SMK Server Certificate Created in master, encrypted by DMK Database Encryption Key (DEK) Created in user database, encrypted by Cert

24 Transparent Database Encryption

25 Backup Encryption Create a database master key for master
Create a certificate or asymmetric key Back up the database, specifying the algorithm and key BACKUP DATABASE AdventureWorks TO DISK = 'R:\Backups\AW_Encrypt,bak' WITH FORMAT, INIT, ENCRYPTION( ALGORITHM = AES_128, SERVER CERTIFICATE = [BackupCert])

26 Backup Encryption

27 Designing Database Security
Summary Introduction to SQL Server Security Managing Server-Level Security Managing Database-Level Principals Managing Database Permissions Encryption methods and scenarios

28

Download ppt "Designing Database Solutions for SQL Server"

Similar presentations

Login dan Permission dfd, 2012. Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.

Login dan Permission dfd, Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.
Login dan Permission dfd, 2012. Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.

Login dan Permission dfd, Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.
Logins, Roles and Credentials Lesson 14. Skills Matrix.

Logins, Roles and Credentials Lesson 14. Skills Matrix.
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.
Brian Alderman | MCT, CEO / Founder of MicroTechPoint Pete Harris | Microsoft Senior Content Publisher.

Brian Alderman | MCT, CEO / Founder of MicroTechPoint Pete Harris | Microsoft Senior Content Publisher.
Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.

Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.
Database Security Managing Users and Security Models.

Database Security Managing Users and Security Models.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Administration of Users Dr. Gabriel. 2 Documentation of User Administration Part of the administration process Reasons to document: –Provide a paper trail.

Administration of Users Dr. Gabriel. 2 Documentation of User Administration Part of the administration process Reasons to document: –Provide a paper trail.
Security & Auditing on SQL Server 2008 R2 Antonios Chatzipavlis Software Architect Evangelist, IT Consultant MCT, MCITP, MCPD, MCSD, MCDBA, MCSA, MCTS,

Security & Auditing on SQL Server 2008 R2 Antonios Chatzipavlis Software Architect Evangelist, IT Consultant MCT, MCITP, MCPD, MCSD, MCDBA, MCSA, MCTS,
Working with Workgroups and Domains

Working with Workgroups and Domains
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Managing Active Directory Domain Services Objects

Managing Active Directory Domain Services Objects
Today’s Objectives Chapters 10 and 11 Security in SQL Server –Manage server logins and database users. –Manage server-level, database-level, and application.

Today’s Objectives Chapters 10 and 11 Security in SQL Server –Manage server logins and database users. –Manage server-level, database-level, and application.
Chapter 6 : Designing SQL Server Service-Level Security MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide.

Chapter 6 : Designing SQL Server Service-Level Security MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide.
Course Topics Administering SQL Server 2012 Jump Start 01 | Install and Configure SQL Server04 | Manage Data 02 | Maintain Instances and Databases05 |

Course Topics Administering SQL Server 2012 Jump Start 01 | Install and Configure SQL Server04 | Manage Data 02 | Maintain Instances and Databases05 |
Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.

Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.
1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.

1 Chapter Overview Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options.
MICROSOFT SQL SERVER 2005 SECURITY  Special Purpose Logins and Users  SQL Server 2005 Authentication Modes  Permissions  Roles  Managing Server Logins.

MICROSOFT SQL SERVER 2005 SECURITY  Special Purpose Logins and Users  SQL Server 2005 Authentication Modes  Permissions  Roles  Managing Server Logins.
Module 9 Authenticating and Authorizing Users. Module Overview Authenticating Connections to SQL Server Authorizing Logins to Access Databases Authorization.

Module 9 Authenticating and Authorizing Users. Module Overview Authenticating Connections to SQL Server Authorizing Logins to Access Databases Authorization.

Similar presentations

Ads by Google