Administration of Users Dr. Gabriel

2 Documentation of User Administration
Part of the administration process
Reasons to document:
–Provide a paper trail
–Ensure administration consistency
What to document:
–Administration policies, staff and management
–Security procedures
–Procedure implementation scripts or programs
–Predefined roles description
–Administration staff and management

3 Documentation of User Administration
Failure reasons:
–Lack of time
–Assumption that it’s already been done
–Unwillingness to complicate the process

4 Documentation of User Administration: Account Access Procedures

5 Database Account Access Application Form Sample

6 Operating System Authentication
Many databases (including Microsoft SQL Server 2005) depend on the OS to authenticate users
Reasons:
–Once an intruder is inside the OS, it is easier to access the database
–Centralize administration of users
Users must be authenticated at each level

7 Operating System Authentication (continued)

8 Creating Users Must be a standardized, well-documented, and securely managed process

9 Creating a SQL Server User
Create a login ID first; it controls access to the SQL Server instance
Associate the login ID with a database user
Creator must be a member of a fixed server role (SYSADMIN or SECURITYADMIN)
Two types of login IDs:
–Windows Integrated (trusted) login
–SQL Server login

10 Creating Windows Integrated Logins
Command line:
–SP_GRANTLOGIN system stored procedure
Will be decommissioned soon
Use CREATE LOGIN
–CREATE LOGIN [domain\user] FROM WINDOWS [ WITH <windows_options> ];
Options:
–DEFAULT_DATABASE = database (Default: master)
–DEFAULT_LANGUAGE = language (Default: the server’s default language)
–Can be associated with local, domain, or group user names
Management Studio:
–Use the Security container
–Logins -> New Login

11 Creating SQL Server Logins
Command line:
–SP_ADDLOGIN system stored procedure
Will be decommissioned
Use CREATE LOGIN

12 Creating SQL Server Logins
CREATE LOGIN login_name { WITH <option_list1> | FROM <sources> }
–<sources> ::= CERTIFICATE certname | ASYMMETRIC KEY asym_key_name
–<option_list1> ::= PASSWORD = 'password' [ HASHED ] [ MUST_CHANGE ] [ , <option_list2> [ ,... ] ]
–<option_list2> ::= SID = sid | DEFAULT_DATABASE = database | DEFAULT_LANGUAGE = language | CHECK_EXPIRATION = { ON | OFF } | CHECK_POLICY = { ON | OFF } | CREDENTIAL = credential_name

13 Creating SQL Server Logins
Credentials
–Credentials provide a way to allow SQL Server Authentication users to have an identity outside of SQL Server.
–Credentials can also be used when a SQL Server Authentication user needs access to a domain resource, such as a file location to store a backup.
–A credential can be mapped to several SQL Server logins at the same time.
–A SQL Server login can only be mapped to one credential at a time.
Asymmetric key
–An asymmetric key is a securable entity at the database level.
Certificate
–A certificate is a database-level securable that follows the X.509 standard and supports X.509 V1 fields.

14 Creating SQL Server Logins
Examples
–CREATE LOGIN loginname WITH PASSWORD = 'A725skjdm,kwjd)5' MUST_CHANGE, CHECK_EXPIRATION = ON;
–CREATE LOGIN loginname WITH PASSWORD = 'A725skjdm,kwjd)5', CREDENTIAL = credname;
–USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '23987hxJ#KL95234nl0zBe';
GO
CREATE CERTIFICATE certname WITH SUBJECT = 'certname in master db', EXPIRY_DATE = '12/31/2009';
GO
CREATE LOGIN loginname FROM CERTIFICATE certname;
GO

15 Creating SQL Server Logins
Management Studio:
–Security container
–Logins -> New Login
–SQL Server Authentication option
System view
–sys.syslogins

16 Creating SQL Server Users
CREATE USER user_name [ { { FOR | FROM } { LOGIN login_name | CERTIFICATE cert_name | ASYMMETRIC KEY asym_key_name } | WITHOUT LOGIN } ] [ WITH DEFAULT_SCHEMA = schema_name ]

17 Creating SQL Server Users
Schemas
–A schema is a collection of database entities that form a single namespace.
–A namespace is a set in which every element has a unique name.
–For example, to avoid name collisions, no two tables in the same schema can have the same name. Two tables can have the same name only if they are in separate schemas.
–Default: dbo

18 Creating SQL Server Users
CREATE SCHEMA schema_name_clause [ <schema_element> [ ...n ] ]
<schema_name_clause> ::= { schema_name | AUTHORIZATION owner_name | schema_name AUTHORIZATION owner_name }
<schema_element> ::= { table_definition | view_definition | grant_statement | revoke_statement | deny_statement }

19 Creating SQL Server Users
Schema Example
–CREATE SCHEMA Sprockets AUTHORIZATION Annik
CREATE TABLE NineProngs (source int, cost int, partnumber int)
GRANT SELECT TO Mandar
DENY SELECT TO Prasanna;
GO
System view
–sys.schemas

20 Creating SQL Server Users
CREATE USER Examples
–CREATE USER username FOR LOGIN loginname;
–CREATE USER username FOR LOGIN loginname WITH DEFAULT_SCHEMA = schemaname;
System view
–sys.sysusers
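The procedure of slides 9 through 20 (login, then database user, then schema and permissions) carried through as one provisioning script; this is an added example, not code from the slides, and every name in it (CORP\DBA, AppSvc, the HRApp database, the Payroll schema, the PayrollReaders role) is a constructed placeholder. It assumes the HRApp database already exists and that the caller is a member of sysadmin or securityadmin.

```sql
-- Added example: least-privilege provisioning in T-SQL (SQL Server 2005+ syntax).
-- CORP\DBA, AppSvc, HRApp, Payroll and PayrollReaders are constructed placeholders.
USE master;
GO
-- Windows (trusted) login for a domain group: no password is stored in SQL Server.
CREATE LOGIN [CORP\DBA] FROM WINDOWS WITH DEFAULT_DATABASE = master;
GO
-- SQL Server login for an application. CHECK_POLICY applies the Windows password
-- policy and CHECK_EXPIRATION enforces aging, so weak or stale passwords are
-- rejected by the server rather than by convention.
CREATE LOGIN AppSvc
    WITH PASSWORD = 'Rz8!kq2#Wm7$tL1p',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON,
         DEFAULT_DATABASE = HRApp;
GO
USE HRApp;
GO
-- Schema owned by dbo, so the application user cannot change its definition.
CREATE SCHEMA Payroll AUTHORIZATION dbo;
GO
-- Database user mapped to the login; the default schema keeps unqualified
-- object names from silently resolving into dbo.
CREATE USER AppSvc FOR LOGIN AppSvc WITH DEFAULT_SCHEMA = Payroll;
GO
-- Grant through a role rather than to the user directly: the permission set is
-- documented in one place and survives re-creating the user.
CREATE ROLE PayrollReaders AUTHORIZATION dbo;
GRANT SELECT ON SCHEMA::Payroll TO PayrollReaders;
EXEC sp_addrolemember 'PayrollReaders', 'AppSvc';  -- ALTER ROLE ... ADD MEMBER on 2012+
GO
-- Verification: login state, its user mapping (joined on SID), and role members.
SELECT sp.name AS login_name, sp.type_desc, sp.is_disabled,
       dp.name AS user_name, dp.default_schema_name
FROM sys.server_principals AS sp
LEFT JOIN sys.database_principals AS dp ON dp.sid = sp.sid
WHERE sp.name IN ('AppSvc', 'CORP\DBA');

SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'PayrollReaders';
GO
```

The second SELECT returning one row (PayrollReaders, AppSvc) and the first returning a non-NULL user_name for AppSvc is the check that login, user and role are wired together as intended.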

21 Removing/Modifying Users Simple process Make a backup first Obtain a written request (for auditing purposes)

22 SQL Server: Removing Windows Integrated Logins
Command line:
SP_DENYLOGIN system stored procedure
–Will be decommissioned
–Use ALTER LOGIN instead
ALTER LOGIN loginname DISABLE

23 SQL Server: Modifying Windows Integrated Login Attributes
Command line:
–SP_DEFAULTDB system stored procedure
Will be decommissioned
Use ALTER LOGIN instead
–SP_DEFAULTLANGUAGE stored procedure
Will be decommissioned
Use ALTER LOGIN instead
Management Studio:
–Expand the Security container
–Select the desired login
–Properties (on the Action menu)

24 SQL Server: Removing/Modifying SQL Server Logins
ALTER LOGIN login_name { <status_option> | WITH <set_option> [ ,... ] }
<status_option> ::= ENABLE | DISABLE
<set_option> ::= PASSWORD = 'password' [ OLD_PASSWORD = 'oldpassword' | [ <password_option> ] ] | DEFAULT_DATABASE = database | DEFAULT_LANGUAGE = language | NAME = login_name | CHECK_POLICY = { ON | OFF } | CHECK_EXPIRATION = { ON | OFF } | CREDENTIAL = credential_name | NO CREDENTIAL
<password_option> ::= MUST_CHANGE | UNLOCK

25 SQL Server: Removing/Modifying SQL Server Logins
Examples
–Enabling a disabled login
ALTER LOGIN loginname ENABLE;
–Changing the password of a login
ALTER LOGIN loginname WITH PASSWORD = '3948wJ698FFF7';
–Changing the name of a login
ALTER LOGIN loginname WITH NAME = newname;

26 SQL Server: Removing/Modifying SQL Server Logins
DROP LOGIN
–DROP LOGIN loginname
Management Studio:
–Highlight the desired login
–Right-click and choose Delete

27 Modifying Users
ALTER USER
–Renames a database user or changes its default schema
–Examples:
ALTER USER username WITH NAME = newname
ALTER USER username WITH DEFAULT_SCHEMA = newschema
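The removal procedure of slides 21 through 27 as an added example (not code from the slides): disable first, check for open sessions, record the written request, then drop the user before the login and look for orphaned users afterwards. AppSvc, HRApp, the dbo.LoginRemovalLog audit table and the ticket reference are constructed placeholders.

```sql
-- Added example: staged removal of a SQL Server login with an audit record.
-- AppSvc, HRApp and dbo.LoginRemovalLog are constructed placeholders.
USE master;
GO
-- Step 1: disable rather than drop, so a mistaken request is reversible and the
-- login's SID (and therefore its user mappings) survives a review period.
ALTER LOGIN AppSvc DISABLE;
GO
-- Step 2: DISABLE does not end existing sessions, and DROP LOGIN fails while the
-- login is connected. List sessions so they can be ended (KILL <session_id>).
SELECT session_id, login_name, host_name, program_name, login_time
FROM sys.dm_exec_sessions
WHERE login_name = 'AppSvc';
GO
-- Step 3: record the written request (slide 21) and who carried it out.
IF OBJECT_ID('dbo.LoginRemovalLog') IS NULL
    CREATE TABLE dbo.LoginRemovalLog (
        login_name  sysname      NOT NULL,
        request_ref nvarchar(64) NOT NULL,                 -- written request / ticket id
        removed_by  sysname      NOT NULL DEFAULT SUSER_SNAME(),
        removed_at  datetime     NOT NULL DEFAULT GETDATE()
    );
INSERT INTO dbo.LoginRemovalLog (login_name, request_ref)
VALUES ('AppSvc', 'TICKET-PLACEHOLDER');
GO
-- Step 4: drop the database user before the login; otherwise the user stays
-- behind with a SID that matches nothing (an orphaned user). DROP USER fails if
-- the user still owns a schema: move ownership first with ALTER AUTHORIZATION.
USE HRApp;
GO
DROP USER AppSvc;
GO
USE master;
GO
DROP LOGIN AppSvc;
GO
-- Step 5 (check): users whose SID matches no server login. Users created
-- WITHOUT LOGIN also appear here by design, so review rather than drop blindly.
USE HRApp;
GO
SELECT dp.name AS orphaned_user, dp.type_desc
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G')     -- SQL user, Windows user, Windows group
  AND dp.principal_id > 4            -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND sp.sid IS NULL;
GO
```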

28 Database Links
Connection from one database to another: allows DDL and SQL statements
Types: PUBLIC and PRIVATE
Authentication methods:
–CURRENT USER
–FIXED USER
–CONNECT USER

29 Linked Servers
Linked servers are used to handle distributed queries
Allow you to connect to almost any data source through:
–Object Linking and Embedding Database (OLE DB)
–Open Database Connectivity (ODBC)

30 Linked Servers
–You can use stored procedures and catalog views to manage linked server definitions:
Create a linked server definition by running sp_addlinkedserver.
View information about the linked servers defined in a specific instance of SQL Server by running a query against the sys.servers system catalog view.
Delete a linked server definition by running sp_dropserver. You can also use this stored procedure to remove a remote server.
–You can also define linked servers by using SQL Server Management Studio. In the Object Explorer, right-click Server Objects, select New, and select Linked Server. You can delete a linked server definition by right-clicking the linked server name and selecting Delete.

31 Linked Servers
sp_addlinkedserver [ @server = ] 'server' [ , [ @srvproduct = ] 'product_name' ] [ , [ @provider = ] 'provider_name' ] [ , [ @datasrc = ] 'data_source' ] [ , [ @location = ] 'location' ] [ , [ @provstr = ] 'provider_string' ] [ , [ @catalog = ] 'catalog' ]

32 Linked Servers
Examples:
–Linking to other SQL Servers
USE master;
GO
EXEC sp_addlinkedserver 'SEATTLESales', N'SQL Server'
GO

33 Linked Servers
Examples:
–Linking to an Access DB
EXEC sp_addlinkedserver
   @server = 'SEATTLE Mktg',
   @provider = 'Microsoft.Jet.OLEDB.4.0',
   @srvproduct = 'OLE DB Provider for Jet',
   @datasrc = 'C:\MSOffice\Access\Samples\Northwind.mdb'

34 Linked Servers
Examples:
–Linking to Oracle
EXEC sp_addlinkedserver
   @server = 'LONDON Mktg',
   @srvproduct = 'Oracle',
   @provider = 'MSDAORA',
   @datasrc = 'MyServer'
GO

35 Linked Servers
SP_DROPSERVER
–Removes a server from the list of known remote and linked servers on the local instance of SQL Server.
–sp_dropserver [ @server = ] 'server' [ , [ @droplogins = ] { 'droplogins' | NULL } ]
'droplogins' indicates that related remote and linked server logins for server must also be removed.
–Example: sp_dropserver 'ACCOUNTS', 'droplogins';

36 Linked Servers
When you execute a distributed query against a linked server, include a fully qualified, four-part table name for each data source to query.
This four-part name should be in the form linked_server_name.catalog.schema.object_name
OPENQUERY function
–Executes the specified pass-through query on the specified linked server
–Ex: SELECT * FROM OPENQUERY(LinkedServerName, 'SELECT name, id FROM joe.titles')

37 Linked Servers
SP_ADDLINKEDSRVLOGIN
–Creates or updates a mapping between logins on the local instance of SQL Server and remote logins on the linked server.
–sp_addlinkedsrvlogin [ @rmtsrvname = ] 'rmtsrvname' [ , [ @useself = ] 'useself' ] [ , [ @locallogin = ] 'locallogin' ] [ , [ @rmtuser = ] 'rmtuser' ] [ , [ @rmtpassword = ] 'rmtpassword' ]

38 Linked Servers
SP_ADDLINKEDSRVLOGIN
–Creates or updates a mapping between logins on the local instance of SQL Server and remote logins on the linked server.
–sp_addlinkedsrvlogin [ @rmtsrvname = ] 'rmtsrvname' [ , [ @useself = ] 'useself' ] [ , [ @locallogin = ] 'locallogin' ] [ , [ @rmtuser = ] 'rmtuser' ] [ , [ @rmtpassword = ] 'rmtpassword' ]
–Example:
EXEC sp_addlinkedsrvlogin 'Accounts', 'false', 'Domain\Mary', 'MaryP', 'd89q3w4u'
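An added example (not code from the slides) of the linked-server procedure from slides 29 through 38, with the login mapping restricted instead of left at the default that sp_addlinkedserver creates. ACCOUNTS, CORP\Mary, acct_reader, the Finance database and its Invoices table are constructed placeholders, and the remote side is assumed to be another SQL Server instance.

```sql
-- Added example: linked server with a least-privilege login mapping.
-- ACCOUNTS, CORP\Mary, acct_reader, Finance and Invoices are constructed placeholders.
USE master;
GO
-- 1. Register the remote instance. With @srvproduct = 'SQL Server' the @server value
--    must be the real instance name and no provider or data source is given.
EXEC sp_addlinkedserver @server = N'ACCOUNTS', @srvproduct = N'SQL Server';
GO
-- 2. sp_addlinkedserver also creates a default mapping under which every local
--    login connects with its own credentials. Remove it, so that only logins
--    mapped explicitly below can reach the remote server at all.
EXEC sp_droplinkedsrvlogin @rmtsrvname = N'ACCOUNTS', @locallogin = NULL;
GO
-- 3. Map one local login to a dedicated low-privilege remote login rather than
--    to a remote administrator. useself = FALSE means the stored rmtuser and
--    rmtpassword are used for the connection.
EXEC sp_addlinkedsrvlogin
     @rmtsrvname  = N'ACCOUNTS',
     @useself     = N'FALSE',
     @locallogin  = N'CORP\Mary',
     @rmtuser     = N'acct_reader',
     @rmtpassword = N'Qv4#nB9!xT2@pL6w';
GO
-- 4. Remote procedure calls are not needed for distributed queries; leave them off.
EXEC sp_serveroption N'ACCOUNTS', N'rpc out', N'false';
GO
-- 5. Review the resulting definition before documenting it (slide 2).
SELECT s.name, s.product, s.provider, s.is_rpc_out_enabled
FROM sys.servers AS s
WHERE s.is_linked = 1;

-- A row with local_login NULL would mean a default (all-logins) mapping still exists.
SELECT sp.name AS local_login, ll.uses_self_credential, ll.remote_name
FROM sys.linked_logins AS ll
JOIN sys.servers AS s ON s.server_id = ll.server_id
LEFT JOIN sys.server_principals AS sp ON sp.principal_id = ll.local_principal_id
WHERE s.name = N'ACCOUNTS';
GO
-- 6. Querying through the mapping: four-part name and OPENQUERY pass-through (slide 36).
SELECT TOP (10) * FROM ACCOUNTS.Finance.dbo.Invoices;
SELECT * FROM OPENQUERY(ACCOUNTS, 'SELECT invoice_id, amount FROM Finance.dbo.Invoices');
GO
```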

39 Practices for DB Administrators and Managers
Manage:
–Accounts
–Data files
–Memory
Administrative tasks:
–Backup
–Recovery
–Performance tuning

40 Best Practices
Follow the company’s policies and procedures
Always document and create logs
Educate users
Keep abreast of database and security technology
Review and modify procedures

41 Best Practices (continued)
For SQL Server:
–Create a local Windows group called DBA
–Grant login access for this group to the SQL Server instance
–Make the trusted login a sysadmin
–Use local Windows or domain Windows accounts
What about DB logins for Internet applications?
Block direct access to database tables
Limit and restrict access to the server
Use strong passwords
Patches, patches, patches

42 Questions ?