Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lara Microsoft. What does it mean? Why do you need to care? How can you achieve your SoD goals?

Published byEvangeline Goodwin Modified over 8 years ago

Similar presentations

Presentation on theme: "Lara Microsoft. What does it mean? Why do you need to care? How can you achieve your SoD goals?"— Presentation transcript:

1 Lara Rubbelke @sqlgal Microsoft

2 What does it mean? Why do you need to care? How can you achieve your SoD goals?

3 SQL Server Separation of Duties for the DBA Whitepaper: http://bit.ly/pOPsct http://bit.ly/pOPsct Download Separation of Duties (SOD) Framework sqlserversod.codeplex.com sqlserversod.codeplex.com Module Signing (BOL): http://bit.ly/pwcN13 http://bit.ly/pwcN13 Engine Separation of Duties for the Application Developer: http://bit.ly/pwcN13 http://bit.ly/pwcN13

4 Granular Perms User- defined roles User- schema separation Signed Modules/ Execute As Encrypt ion

5

6

7

8 CREATE PROCEDURE HRUser.MySalary WITH EXECUTE AS ‘HRAdmin’ AS DECLARE @User NVARCHAR(128); EXECUTE AS CALLER; SELECT @User = USER_NAME(); REVERT; SELECT * FROM HR.PAYROLL WHERE Name = @User; GO

9

10 Need ALTER ANY LOGIN server permission to ALTER LOGIN Need to GRANT ALTER ANY LOGIN TO Jason? – No! ALTER LOGIN Bob ENABLE Jason (non privileged login)

11 Jason has permission to call SP SP run under Jason’s context but with elevated privilege SP protected against tampering Jason (non privileged login) SP_ENABLE_LOGIN ALTER LOGIN Bob ENABLE Cert_login ALTER ANY LOGIN

12 When the door to your database is closed to the DBA Separation of Duties Framework sqlserversod.codeplex.com

13 Empower the DBA team to be Productive Responsive With a process that is Auditable Secure Easy to Implement and Manage Extensible

14 1.Decide what tasks the DBA should be allowed to execute a.Create stored procedures or use the examples included in the framework 2.Execute the InstallScript.ps1 script a.Set up the database b.Set up the certificate and login/user c.Create the signed modules 3.Place DBAs/users in the new roles

15 Setting up the Separation of Duties Framework

16 There will always be at least one sysadmin The Separation of Duties Framework is designed to provide a means to limit the number of sysadmins The Separation of Duties Framework will complement existing processes

17 SQL Server Separation of Duties for the DBA Whitepaper: http://bit.ly/pOPsct http://bit.ly/pOPsct Download Separation of Duties (SOD) Framework sqlserversod.codeplex.com sqlserversod.codeplex.com Module Signing (BOL): http://bit.ly/pwcN13 http://bit.ly/pwcN13 Engine Separation of Duties for the Application Developer: http://bit.ly/pwcN13 http://bit.ly/pwcN13

Download ppt "Lara Microsoft. What does it mean? Why do you need to care? How can you achieve your SoD goals?"

Similar presentations

SQL Server 2005 RDBMS Technical Overview Matthew Stephen IT Pro Evangelist (SQL Server) Microsoft Ltd.

SQL Server 2005 RDBMS Technical Overview Matthew Stephen IT Pro Evangelist (SQL Server) Microsoft Ltd.
An investigation into the security features of Oracle 10g R2 Enterprise Edition Supervisor: Mr J Ebden.

An investigation into the security features of Oracle 10g R2 Enterprise Edition Supervisor: Mr J Ebden.
Login dan Permission dfd, 2012. Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.

Login dan Permission dfd, Jenis Login dfd, 2012 SQL Server Authentication Membutuhkan password Windows Authentication Mode Tidak membutuhkan password.
Vinod Kumar M MTC – Technology Specialist Level: 300.

Vinod Kumar M MTC – Technology Specialist Level: 300.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.

Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.
 Il-Sung Lee Senior Program Manager Microsoft Corporation BB37.

 Il-Sung Lee Senior Program Manager Microsoft Corporation BB37.
Connect with life Vinod Kumar Technology Evangelist - Microsoft

Connect with life Vinod Kumar Technology Evangelist - Microsoft
Presented By: Matthew Garrison. Basics of Role Based Access Control  Roles are determined based on job functions within a given organization  Users.

Presented By: Matthew Garrison. Basics of Role Based Access Control  Roles are determined based on job functions within a given organization  Users.
Getting Started with Oracle11g Abeer bin humaid. Create database user You should create at least one database user that you will use to create database.

Getting Started with Oracle11g Abeer bin humaid. Create database user You should create at least one database user that you will use to create database.
Introduction to SQL 2005 Security Nick Ward SQL Server Specialist Nick Ward SQL Server Specialist

Introduction to SQL 2005 Security Nick Ward SQL Server Specialist Nick Ward SQL Server Specialist
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Functions Lesson 10. Skills Matrix Function A function is a piece of code or routine that accepts parameters and stored as an object in SQL Server. The.

Functions Lesson 10. Skills Matrix Function A function is a piece of code or routine that accepts parameters and stored as an object in SQL Server. The.
© 2007 by Prentice Hall12-1 Introduction to Oracle 10g Chapter 12 Maintaining Database Security James Perry and Gerald Post.

© 2007 by Prentice Hall12-1 Introduction to Oracle 10g Chapter 12 Maintaining Database Security James Perry and Gerald Post.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
[Limited Access] Content:  Purpose  Mechanism  Difficulty  Proposal Database Security & Audit Proposal.

[Limited Access] Content:  Purpose  Mechanism  Difficulty  Proposal Database Security & Audit Proposal.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.

Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.
Module 9 Designing and Implementing Stored Procedures.

Module 9 Designing and Implementing Stored Procedures.

Similar presentations

Ads by Google