SQL Server Security Model In Plain English Kevin Hill Twitter: @Kevin3NF KHill@MainStreetDBAs.com www.MainStreetDBAs.com.


1 SQL Server Security Model In Plain English Kevin Hill

2 About me… 20+ years working with Microsoft databases
Long time member of PASS.org (you should join) Sr. SQL Server DBA at Main Street DBAs.com I LOVE teaching new people SQL Saturday speaker, DFW trainer 10+ years as a member of local SQL user group Now a board member, as of January 2018…again… Avid Cyclist, Dad, Husband, Grandfather and CrossFit enthusiast

3 My manager: Me: “Do I need a user or a login?”

4 Where do you live?
House? Apartment? Wilderness, out under the stars? If you can read this your eyes are way better than mine.

5 Do you lock your door at night?
Why? To keep your neighbors out? To keep your children in? Or. . .to guard against the unknown?

6 Can you walk into your neighbor’s house any time you like?

7 Things I know about your house:
Locks on the doors. Multiple rooms. Stuff in those rooms. People in various parts of the house.

8 Who has the keys? Whoever owns the house.
Most of the people that live there, if not all. A neighbor perhaps. A landlord for renters. (Apartment or house.) Basically, anyone the owner decides to give it to.

9 Assuming your key works, walk in…
Now you are in the foyer. . .and can see all sorts of stuff. As you glance around you see various rooms (living room, bedrooms, kitchen, etc.). Without a closer look you don’t know what is what, and the doors are all closed (for this analogy anyway. . .)

10 If you own the house… You can go into any room. . .
You can change the carpet. . . You can paint the walls. . . . . .or hang a ceiling fan. You can add a room if you have the $$$. . . . . .or toss some teenage boy out of your daughter’s room. YOU control what happens in your house.

11 Consider 2 rooms: Think about the master bedroom…
Residents (so to speak): You and your significant other. Visitors: Kids to ask questions. Grandkids to jump on the bed. You have full control of the master bedroom. Now imagine your kid’s room: They have stuff. Siblings are not allowed. They have some decorating freedom, with parental override.

12 In the kids’ rooms: They have stuff—furniture, clothing, toys, too many screens, random stuff your 8 year old found on the way home. . . Each item is in a category as above. Within each category you have specifics, such as a bed or desk, shirts and socks, board games or dolls. . . Suzie’s room is quite a bit different from Little Bobby’s room. Each child has (some) control over what to add or remove, and who to allow in their room, as well as appearance.

13 Let’s say you have twin boys. . .
Typically, twins grow up sharing things due to the connection they have. This often includes same room, similar outfits, similar hobbies. . . But, each has their own bed, their own specific clothing, etc. They may share some items but not others, for different reasons. Billy can look at Bobby’s books, but doesn’t have permission to take one. Bobby can’t just decide to take over Billy’s desk whenever he wants.

14 Great. . .but what does this have to do with SQL Server?

15 Let’s map the terms together…
These might be the two most important slides of the entire Security section.
House = an Instance of SQL Server.
Lock on the door = what you need a LOGIN to get past. (Lock = Login).
Foyer = you are simply authorized to CONNECT to the Instance.
Rooms = Databases. All have a different function.
Residents = Users. Bobby uses his room/database, Suzie uses hers.

16 Let’s map the terms together…
Categories of stuff = schemas: furniture schema, clothing schema. . .
Individual items (bed, shirts) = database objects (tables, views, etc.).
Specific items (different books, shirts) = rows in a table.

17 We talked about people and things. . .
Let’s talk roles and permissions. . .
Mom and Dad—sysadmin server role. They can do whatever they want to the house. They also have default owner rights over all rooms/databases.
Suzie, Billy and Bobby—They need keys (LOGINS), and also may have “db_owner” rights to their respective rooms/databases.
The kids can grant or deny access to their rooms to the other kids.
“Look but don’t touch” = db_datareader role.
“Keep out”—Deny Connect to Bobby.
“Sure, you can borrow my iPad, but bring it back.” = db_datareader and db_datawriter.

18 Wrap up The basic things you need to know as a non-DBA or new DBA:
Logins get you connected to the Instance.
User accounts get you access to individual databases.
Grant access to Windows groups, in an ideal situation.
Limit access to the sysadmin server role.
Limit db_owner access to databases.
There are a number of Server and Database roles we didn’t touch.
Also, there are a ton of specific permissions. . .you can get very granular.
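
The house-to-SQL-Server mapping from slides 15 to 17, written out as T-SQL. This is an added example, not part of the original presentation: the database names (SuziesRoom, BobbysRoom), the furniture.Bed table and the passwords are constructed placeholders, and "Keep out" is read here as a database-level DENY CONNECT.

```sql
-- Added example; every name is constructed. Run as a sysadmin (Mom or Dad) on a test instance.
-- Keys to the front door: server-level logins. Placeholder passwords, replace before use.
CREATE LOGIN Suzie WITH PASSWORD = 'Placeholder-Replace-Me-1!';
CREATE LOGIN Billy WITH PASSWORD = 'Placeholder-Replace-Me-2!';
CREATE LOGIN Bobby WITH PASSWORD = 'Placeholder-Replace-Me-3!';
GO
-- Rooms: one database per child.
CREATE DATABASE SuziesRoom;
CREATE DATABASE BobbysRoom;
GO

USE BobbysRoom;
GO
-- Resident: Bobby's login becomes a user here and owns the room.
CREATE USER Bobby FOR LOGIN Bobby;
ALTER ROLE db_owner ADD MEMBER Bobby;
-- "Look but don't touch": Billy may read Bobby's books, not change them.
CREATE USER Billy FOR LOGIN Billy;
ALTER ROLE db_datareader ADD MEMBER Billy;
GO
-- Category of stuff: a schema (CREATE SCHEMA needs its own batch).
CREATE SCHEMA furniture AUTHORIZATION dbo;
GO
-- Individual item: a table in that schema; each row is one specific item.
CREATE TABLE furniture.Bed (BedId int PRIMARY KEY, Colour nvarchar(20));
GO

USE SuziesRoom;
GO
CREATE USER Suzie FOR LOGIN Suzie;
ALTER ROLE db_owner ADD MEMBER Suzie;
-- "Borrow my iPad, but bring it back": Billy may read and write.
CREATE USER Billy FOR LOGIN Billy;
ALTER ROLE db_datareader ADD MEMBER Billy;
ALTER ROLE db_datawriter ADD MEMBER Billy;
-- "Keep out": Bobby has a key to the house but is refused at this door.
CREATE USER Bobby FOR LOGIN Bobby;
DENY CONNECT TO Bobby;
GO
-- Check who holds which role in the current room.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
ORDER BY role_name, member_name;
```

Run in SuziesRoom, the final query lists Billy under db_datareader and db_datawriter and Suzie under db_owner; Bobby appears in no role, and his denied CONNECT shows up in sys.database_permissions rather than in role membership.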

