Administrating a Database

Slides:



Advertisements
Similar presentations
Managing User, Computer and Group Accounts
Advertisements

Chapter 9 Security. Endpoints  A SQL Server endpoint is the point of entering into SQL Server.  It is implemented as a database object that defines.
 Overview User Accounts Groups User Rights Permissions.
Logins, Roles and Credentials Lesson 14. Skills Matrix.
SQL Server Basics for non-DBAs Anil Desai. Speaker Information Anil Desai –Independent consultant (Austin, TX) –Author of several SQL Server books –Instructor,
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Anil Desai SQL Saturday #35 (Dallas, TX).  Anil Desai ◦ Independent consultant (Austin, TX) ◦ Author of several SQL Server books ◦ Instructor, “Implementing.
Chapter 12 File Management Systems
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Brian Alderman | MCT, CEO / Founder of MicroTechPoint Pete Harris | Microsoft Senior Content Publisher.
Week 9 – Chapter 8 SQL 710 Methods to Backup Databases
Module 7: Restoring Databases. Overview SQL Server Recovery Process Preparing to Restore a Database Restoring Backups Restoring Databases from Different.
Module 6: Backing Up Databases. Overview Preventing Data Loss Setting and Changing a Database Recovery Model SQL Server Backup When to Back Up Databases.
Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Mike Fal - SQL SERVER SECURITY GRANTING, CONTROLLING, AND AUDITING DATABASE ACCESS March 17, 2011.
SQL Server 2008 Implementation and Maintenance Chapter 7: Performing Backups and Restores.
Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation.
Working with Workgroups and Domains
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
1 Chapter 12 File Management Systems. 2 Systems Architecture Chapter 12.
Today’s Objectives Chapters 10 and 11 Security in SQL Server –Manage server logins and database users. –Manage server-level, database-level, and application.
IOS110 Introduction to Operating Systems using Windows Session 8 1.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Data Integrity Lesson 12. Skills Matrix Maintaining Data Integrity Maintaining data integrity is your most important responsibility. –Performing backups.
Managing Groups, Folders, Files and Security Local Domain local Global Universal Objects Folders Permissions Inheritance Access Control List NTFS Permissions.
MICROSOFT SQL SERVER 2005 SECURITY  Special Purpose Logins and Users  SQL Server 2005 Authentication Modes  Permissions  Roles  Managing Server Logins.
Module 9 Authenticating and Authorizing Users. Module Overview Authenticating Connections to SQL Server Authorizing Logins to Access Databases Authorization.
The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2.
Active Directory Administration Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Creating Users, Computers, and Groups Automate creation.
Module 4: Managing Security. Overview Implementing an Authentication Mode Assigning Login Accounts to Users and Roles Assigning Permissions to Users and.
Copyright © 2013 Curt Hill Database Security An Overview with some SQL.
Module 10 Assigning Server and Database Roles. Module Overview Working with Server Roles Working with Fixed Database Roles Creating User-defined Database.
Securing SQL Server 2005 Anil Desai. Speaker Information Anil Desai –Independent consultant (Austin, TX) –Author of several SQL Server books –Instructor,
Working with Workgroups and Domains Lesson 9. Objectives Understand users and groups Create and manage local users and groups Understand the difference.
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
2. SQL Security Objectives –Learn SQL Server 2000 components Contents –Understanding the Authentication Process –Understanding the Authorization Process.
Permissions Lesson 13. Skills Matrix Security Modes Maintaining data integrity involves creating users, controlling their access and limiting their ability.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
INTRO TO SQL SERVER SECURITY By Robert Biddle
Administering Groups Chapter Eight. Exam Objectives In this Chapter:  Plan a security group hierarchy based upon delegation requirements  Plan a security.
Learningcomputer.com SQL Server 2008 – Backup and Restore Database.
Privilege Management Chapter 22.
CHAPTER 5 MANAGING USER ACCOUNTS & GROUPS. User Accounts Windows 95, 98 & Me do not need a user account like Windows XP Professional to access computer.
SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005.
1 Chapter Overview Granting Database-Specific Permissions Using Application Roles Designing an Access and Permissions Strategy.
Introduction to SQL Server  Working with MS SQL Server and SQL Server Management Studio.
Introduction to SQL Server for Windows Administrators Presented to WiNSUG 02/05/09 Bret Stateham Owner, Net Connex Blogs.netconnex.com.
SQL Server Security The Low Hanging Fruit. Lindsay Clark Database Administrator at American Credit Acceptance
SQL Server.  logins/users  roles  certificate  assymetric key 
Windows Vista Configuration MCTS : User Account Security.
WELCOME! SQL Server Security. Scott Gleason This is my 9 th Jacksonville SQL Saturday Over ten years DBA experience Director of Database Operations
SQL Implementation & Administration
Administrating a Database
Securing and Administering the Data
Database Administration
Microsoft SQL Server 2014 for Oracle DBAs Module 8
Introduction to Operating Systems
Access, Users, Permissions
Active Directory Administration
Designing Database Solutions for SQL Server
The Dirty Business of Auditing
Intermediate Security Topics in SQL SERver
Copyright © 2013 – 2018 by Curt Hill
PT2520 Unit 8: Database Security I
Chapter 11 Managing Databases with SQL Server 2000
We Need To Talk Security
Presentation transcript:

Administrating a Database Lesson 5

Objectives

Database Security Security, like every other aspect of the database project, must be carefully designed, implemented, and tested. Because security may affect the execution of some procedures, it must be taken into account when the project code is being developed. A permission is used to grant an entity (such as a user access) to an object (such as another user or a database). In SQL Server, the security model is based on what is referred to as “securables”.

Logins and Accounts A login or logon is the process by which an individual’s access to a computer system is controlled by identification of that user using credentials provided by that user. The most common login method is using a username and password. A user account is a logical representation of a person within a electronic system.

Server-Level Security The three different methods for which a user can be initially identified include: Windows user login Membership in a Windows user group SQL Server-specific login (if the server uses mixed-mode security) It is important to remember that at the SQL Server level, where the database resides, users are known by their login name. This can be a SQL Server login, Windows domain, or a username login choice.

Database-Level Security Even though a user may belong to a fixed database role and have certain administrative level permissions, a user still cannot access the data without first being granted permission to the database object itself (e.g., tables, stored procedures, views, functions). All users are automatically members of the public standard database role.

Object Permissions Each object’s permission is assigned through either granting, revoking, or denying user login permissions. Grant permission means the user can access the object. Deny permission overrides a grant permission. Revoke permission removes the permission assigned, regardless of whether it’s deny or grant.

SQL Server Service Account There are three different types of accounts which are available for the SQL Server service account: Local user account Local system account Domain user account

Authentication Authentication is the act of establishing or confirming a user or system identity. Windows Authentication mode is superior to mixed mode because users don’t need to learn yet another password and because it leverages the security design of the network.

SQL Accounts SQL servers also support mixed mode, which allows you to connect to the SQL server using Windows authentication or SQL Server authentication. A SQL Server login account and related passwords are defined on the SQL server and are not related to Active Directory or Windows accounts. Associated with SQL authentication is the sa account, the built-in SQL administrator account associated with SQL authentication. Since it is less secure than Windows logins, it is recommended to avoid mixed mode. However, it is available for backward compatibility.

Database Server Roles SQL Server includes fixed, predefined server roles: Bulkadmin Dbcreator Diskadmin Processadmin Securityadmin Serveradmin Setupadmin Sysadmin

Guest Logon Accounts Any user who wishes to access a database but has not been declared a user within the database will automatically be granted the user privileges of the guest user, as long as the guest user account has been created. The guest user account is not actually created when a database is created. It must be specifically added in through the SQL Server Management Studio interface or through a Transact-SQL statement.

Fixed Database Roles SQL Server includes a few standard, or fixed, database roles db_accessadmin db_backupoperator db_datareader db_datawriter db_ddladmin db_denydatareader db_denydatawriter db_owner db_securityadmin

Object Permissions Object permissions are the permissions that allow a user to act on the database objects (such as tables, stored procedures, and views): Select Insert Update Delete DRI (References) Execute

Ownership Chains In SQL Server databases, users often access data by going through one or several objects. Ownership chains apply to views, stored procedures, and user-defined functions. If the ownership chain is broken (meaning there’s a different owner between an object and the next lower object), SQL Server checks the user’s permission for every object accessed.

Backups The purpose of a database backup is so that you have something to restore if data is lost during a business’s daily routine. A user may accidentally delete a table or a database administrator may need to restore multiple tables on different servers in order to combine them into one database. The need for a database backup and restore plan for a business are immediate and far reaching.

Types of Backups Full backup: A full backup contains all the data in a specific database or set of filegroups or files, and also enough log to allow for recovering that data. Differential backup: . A differential backup contains only the data that has changed since the differential base. Incremental backup: An incremental backup is based on the last backup of the data. An incremental backup contains only the data that has changed since the last full or incremental backup.

Partial Backups Partial and differential partial backups are designed to provide more flexibility for backing up databases that contain some read-only filegroups under the simple recovery model.

File Backups The files in a database can be backed up and restored individually. Using file backups can increase the speed of recovery by letting you restore only damaged files without requiring you to restore the rest of the database.

Backup Devices SQL Server backups are created on backup devices, such as disk files or tape media. You can append new backups to any existing backups on a device or overwrite any existing backups.

Restore scenarios include the following: Database Restores Restore scenarios include the following: Complete database restore File restore Page restore Piecemeal restore Recovery only Transaction log restore Create a mirror database Create and maintain a standby server

Summary The end result of working with database security is to ensure the rights and responsibilities given to users, through creating users and roles, is enforced through a security plan. A permission is used to grant an entity (such as a user) access to an object (such as another user or a database). A login or logon is the process by which individual access to a computer system is controlled by identification of the user using credentials provided by the user. The most common login method is using a username and password.

Summary A user account is a logical representation of a person within a electronic system. Even though a user may belong to a fixed database role and have certain administrative-level permissions, a user still cannot access the data without first being granted permission to the database object itself (e.g., tables, stored procedures, views, functions). Each object’s permission is assigned through either granting, revoking, or denying user login permissions. Authentication is the act of establishing or confirming a user or system identity.

Summary Windows Authentication mode is superior to mixed mode because users don’t need to learn yet another password and because it leverages the security design of the network. Associated with SQL authentication is the sa account, which is the built-in SQL administrator account associated with SQL authentication. SQL Server includes fixed, predefined server roles. Primarily, these roles grant permission to perform certain server-related administrative tasks.

Summary Sysadmin can perform any activity in the SQL Server installation, regardless of any other permission setting. The sysadmin role even overrides denied permissions on an object. The public role is a fixed role, but it can have object permissions like a standard role. Every user is automatically a member of the public role and cannot be removed, so the public role serves as a baseline or minimum permission level.

Summary Users must be explicitly granted access to any user database. The db_owner is a special role that has all permissions in the database. An application role is a database-specific role intended to allow an application to gain access regardless of the user. The purpose of a database backup is so that you have something to restore if data is lost during a business’s daily routine.

Summary A user may accidentally delete a table or a database administrator may need to restore multiple tables on different servers in order to combine them into one database. Full backups contain all the data in a specific database or set of filegroups or files and also enough log data to allow for recovering that data. Differential backups only backs-up data since the last full backup. Incremental backups only backs-up up data since the last full or incremental backup.