Published by Brittany Andrews. Modified over 6 years ago.
40074A Microsoft SQL Server 2014 for Oracle DBAs
Module 8: Data protection and security
Module Overview
- Lesson 1: Securing the database
- Lesson 2: Managing users
- Lesson 3: Understanding privileges
- Lesson 4: Managing roles
Lesson 1: Securing the database
- Database security
- Privileges and roles
- Auditing
Database security
- Security is implemented in both DBMSs using logins and privileges.
- Users can be classified as: schema owners (SQL Server database object owners); application users; administrative users.
- User authentication can be achieved through the operating system login, a database login, or a contained database.
- SQL Server security depends on Windows security for features such as password expiration.
Privileges and roles
Oracle and SQL Server both contain:
- System-level privileges, to perform actions against any object in the database.
- Object-level privileges, to perform actions against specific schema objects.
- Roles, which group system-level and object-level privileges.
SQL Server fixed and user-defined roles exist at two levels: server and database.
Application roles in SQL Server:
- Implemented using application logic.
- Password protected.
Demonstration: Provide instance security
In this demonstration you will see how to:
- Create a Windows user account
- Associate a SQL Server login with the Windows user account
Demonstration Steps
1. Click Start → Administrative Tools → Computer Management.
2. Expand the Local Users and Groups folder in the tree view on the left.
3. Click the Users folder, and then right-click in the right pane and select New User.
4. Enter Demo in the User Name, Full Name, and Description boxes.
5. Enter demo in the Password and Confirm Password boxes.
6. Clear the User Must Change Password at Next Login checkbox.
7. Select the Password Never Expires checkbox.
8. Click Create, and then click Close.
9. In the Object Explorer, expand the INST01 instance node.
10. Expand Security, and then expand the Logins folder.
11. Right-click the Logins folder and select New Login.
12. Click the Search button and enter Demo in the dialog window, click Check Names, and then click OK.
13. Change the Default Database menu to show the AdventureWorks2012 database.
14. Select the User Mapping page in the Login – New dialog.
15. Click the checkbox in the Map column next to the AdventureWorks2012 database in the upper window, and check the db_datareader database role in the lower window. If the db_owner role is checked, ignore it. It's the result of a Management Studio bug, and it's not really selected.
16. Click OK.
You've now created a Windows user and granted that user read access to the AdventureWorks2012 database.
Auditing
- Auditing facilitates database activity monitoring: monitoring statements, privileges, or objects.
- Oracle audits key DDL and DML statements.
- In SQL Server, all actions (DDL and DML) are auditable.
- SQL Server Profiler offers various events that can be used for auditing.
- DDL triggers and event notifications can aid in auditing.
- SQL Server server-level auditing is available in all editions, provides T-SQL stack frame information, and is more resilient.
- SQL Server supports user-defined audit groups and audit filtering.
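The SQL Server Audit feature summarised above (server-level audit, a database-level specification, and a predicate filter), written out as an added T-SQL example that is not part of the course material. It assumes the directory C:\SQLAudit\ exists, a monitoring login CONTOSO\MonitorSvc whose polling should not fill the log, and the AdventureWorks2012 sample database; the database audit specification needs an edition that supports fine-grained auditing (Enterprise on SQL Server 2014).

```sql
USE master;
GO
-- Server audit target: a rolling set of binary files. The WHERE predicate is the
-- "audit filtering" from the slide: events from the monitoring account are dropped
-- before they are written, so the log stays small enough to review.
CREATE SERVER AUDIT Audit_Security_Changes
    TO FILE (FILEPATH = 'C:\SQLAudit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE)
    WHERE server_principal_name <> 'CONTOSO\MonitorSvc';
GO
-- Server-level specification: failed logins plus any change to logins or
-- server role membership (the events a DBA wants for privilege-escalation review).
CREATE SERVER AUDIT SPECIFICATION AuditSpec_Server
    FOR SERVER AUDIT Audit_Security_Changes
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP)
    WITH (STATE = ON);
GO
ALTER SERVER AUDIT Audit_Security_Changes WITH (STATE = ON);
GO
USE AdventureWorks2012;
GO
-- Database-level specification: permission and role changes in this database,
-- plus DML against one sensitive table, audited for every user (BY public)
-- rather than auditing all statements in the database.
CREATE DATABASE AUDIT SPECIFICATION AuditSpec_AW
    FOR SERVER AUDIT Audit_Security_Changes
    ADD (DATABASE_PERMISSION_CHANGE_GROUP),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SELECT, UPDATE, DELETE ON OBJECT::HumanResources.EmployeePayHistory BY public)
    WITH (STATE = ON);
GO
-- Reading the log back: who did what, to which object, with the statement text.
-- additional_information carries the T-SQL stack frame the slide mentions.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement, additional_information
FROM sys.fn_get_audit_file('C:\SQLAudit\*', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```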
Lesson 2: Managing users
- Understanding accounts
- Creating login accounts
- Creating and modifying user accounts
- Contained database authentication
Understanding accounts
- In Oracle, a user name is database-system wide; SQL Server uses login accounts to access the instance and user accounts for individual databases.
- Oracle 12c pluggable databases can have their own users.
- Oracle user names and SQL Server logins can be operating-system authenticated or database authenticated. In addition, SQL Server logins can be authenticated by the network domain.
- Starting with SQL Server 2012, user authentication can also be achieved with a contained database, without logins.
- In SQL Server, a user account has to be created in every database that a login needs access to, and it can be named differently from the login name.
Creating login accounts
Two methods of authentication for SQL Server logins:
- Windows authentication
- SQL Server authentication
Windows authentication: SQL Server Windows authentication relies on the security mechanism of the Microsoft Windows operating system to validate login connections. Any user who has been authenticated by the trusted Windows domain, regardless of location or computer, can connect to a SQL Server instance without providing a separate login and password. Logins based on Windows authentication are added to the SQL Server instance with the following T-SQL statement:
CREATE LOGIN login_name FROM WINDOWS [WITH windows_options]
In this statement login_name is of the form domain_name\domain_login_name. The optional windows_options can be:
DEFAULT_DATABASE = database | DEFAULT_LANGUAGE = language
SQL Server authentication: A login using the SQL Server authentication method, with the prerequisite login account and password, is defined with the following CREATE LOGIN T-SQL statement:
CREATE LOGIN login_name { WITH <option_list1> }
The option_list1 can include any or all of the following:
PASSWORD = 'password' [ HASHED ] [ MUST_CHANGE ] [ , option_list2 [ ,... ] ]
Creating and modifying user accounts
In SQL Server, a user account has to be created in every database that a login needs access to, and it can be named differently from the login name.
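The "Provide instance security" demonstration and the two CREATE LOGIN forms above, carried out in T-SQL rather than through the Management Studio dialogs, as an added example that is not part of the course material. It assumes a domain CONTOSO with a Windows account CONTOSO\Demo, the AdventureWorks2012 sample database, and a placeholder initial password that satisfies the local Windows password policy (the demonstration's "demo" would be rejected once CHECK_POLICY is on).

```sql
USE master;
GO
-- Windows-authenticated login: SQL Server stores no password; the domain
-- owns password complexity, expiry and lockout (the "depends on Windows
-- security" point from the Database security slide).
CREATE LOGIN [CONTOSO\Demo] FROM WINDOWS
    WITH DEFAULT_DATABASE = AdventureWorks2012;
GO
-- SQL Server-authenticated login. MUST_CHANGE forces a new password at first
-- connection and requires CHECK_EXPIRATION and CHECK_POLICY to be ON, which
-- delegates the policy to Windows instead of leaving the password unmanaged.
CREATE LOGIN ReportReader
    WITH PASSWORD = 'Placeholder-Initial-Pw-1!' MUST_CHANGE,
         CHECK_EXPIRATION = ON,
         CHECK_POLICY = ON,
         DEFAULT_DATABASE = AdventureWorks2012;
GO
USE AdventureWorks2012;
GO
-- A database user is a separate principal from the login (tied to it by SID)
-- and, as the slide says, may carry a different name.
CREATE USER DemoReader   FOR LOGIN [CONTOSO\Demo];
CREATE USER ReportReader FOR LOGIN ReportReader;
GO
-- Least privilege: the demonstration maps the user to db_datareader only,
-- never db_owner.
ALTER ROLE db_datareader ADD MEMBER DemoReader;
ALTER ROLE db_datareader ADD MEMBER ReportReader;
GO
-- Verification: login-to-user mapping and role membership for the two users.
SELECT dp.name AS db_user, sp.name AS login_name, sp.type_desc AS login_type,
       r.name AS db_role
FROM sys.database_principals AS dp
JOIN sys.server_principals  AS sp  ON sp.sid = dp.sid
LEFT JOIN sys.database_role_members AS drm ON drm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals   AS r   ON r.principal_id = drm.role_principal_id
WHERE dp.name IN ('DemoReader', 'ReportReader');
```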
Contained database authentication
Best practices for contained databases:
- Use the default (off) setting for contained database authentication, and only turn this setting on if it is required.
- Protect backups of contained databases using passwords.
- Audit the capabilities of users and modules in contained databases.
- Audit logins that have the ability to set containment, if contained database authentication is allowed.
- Disable the guest account on databases that share an instance with contained databases.
- Take care to avoid login/user-with-login naming conflicts.
- Avoid connection strings with an initial catalog if contained database authentication is permitted.
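A set of catalog queries that check the contained-database best practices listed above, added here as an example and not taken from the course material. It assumes a partially contained database named ContainedSales; everything else is standard catalog data.

```sql
USE master;
GO
-- 1. Instance setting: value_in_use should be 0 (off) unless containment is required.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'contained database authentication';
GO
-- 2. Which databases are partially contained?
SELECT name, containment_desc
FROM sys.databases
WHERE containment <> 0;
GO
-- 3. Logins that can turn containment on: sysadmin or serveradmin members,
--    or anyone holding ALTER SETTINGS directly. These are the logins to audit.
SELECT sp.name, sp.type_desc
FROM sys.server_principals AS sp
WHERE sp.type IN ('S', 'U', 'G')
  AND (IS_SRVROLEMEMBER('sysadmin', sp.name) = 1
       OR IS_SRVROLEMEMBER('serveradmin', sp.name) = 1
       OR EXISTS (SELECT 1 FROM sys.server_permissions AS p
                  WHERE p.grantee_principal_id = sp.principal_id
                    AND p.permission_name = 'ALTER SETTINGS' AND p.state = 'G'));
GO
USE ContainedSales;
GO
-- 4. Users that authenticate at the database itself (no login behind them).
SELECT name, type_desc, authentication_type_desc
FROM sys.database_principals
WHERE authentication_type_desc = 'DATABASE';
GO
-- 5. Is guest still able to connect? The fix is REVOKE CONNECT FROM guest;
SELECT CASE WHEN EXISTS (SELECT 1
                         FROM sys.database_permissions AS p
                         JOIN sys.database_principals AS g ON g.principal_id = p.grantee_principal_id
                         WHERE g.name = 'guest' AND p.permission_name = 'CONNECT' AND p.state = 'G')
            THEN 'guest can connect' ELSE 'guest disabled' END AS guest_status;
GO
-- 6. Naming conflicts: a contained user whose name matches an instance login can be
--    authenticated as a different identity than intended, depending on the initial
--    catalog in the connection string. The SID comparison skips normal login-mapped users.
SELECT dp.name AS contained_user, sp.name AS login_with_same_name
FROM sys.database_principals AS dp
JOIN sys.server_principals AS sp ON sp.name = dp.name AND sp.sid <> dp.sid
WHERE dp.authentication_type_desc = 'DATABASE';
```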
Lesson 3: Understanding privileges
- Managing privileges
- Viewing privileges
Managing privileges
- Oracle and SQL Server control access and activity within the database using system and object privileges.
- ALTER DATABASE and GRANT are examples of system privileges, while object privileges include SELECT, INSERT, UPDATE and DELETE.
- Oracle and SQL Server use the GRANT statement to give privileges and the REVOKE statement to remove them. In addition, SQL Server has the DENY statement to explicitly prohibit privileges.
Viewing privileges
Use the system catalog view sys.database_permissions and the function fn_builtin_permissions to list permissions on objects and statements in SQL Server.
Lesson 4: Managing roles
- Understanding roles
- User-defined roles
- Working with roles
- Demonstration: Observe server and database roles
- Demonstration: Separation of duties
Understanding roles
- Oracle and SQL Server provide system roles with predefined privileges, as well as user-defined roles.
- SQL Server roles are of two categories: fixed and user-defined server roles for the database instance; fixed and user-defined database roles for a database.
- The sysadmin fixed server role is equivalent to Oracle's DBA role.
- In Oracle, there is a single DBA role with instance-wide privileges spanning all schemas. In SQL Server, administrative privileges can be limited by the use of fixed or user-defined database roles.
User-defined roles
- Collect a set of permissions and assign them to a role instead of granting them to individual users.
- Created using Transact-SQL or SQL Server Management Studio.
- Used for groups of users.
Working with roles
- Granting and revoking roles
- Maintaining roles
- Controlling availability of roles
Demonstration: Observe server and database roles
In this demonstration you will learn to:
- Use catalog views
- Use stored procedures to analyze roles
Demonstration Steps
1. Go to Start → Programs → Microsoft SQL Server 2014 → SQL Server Management Studio → Object Explorer.
2. Select Object Explorer → Security. Click Logins and select the sa login.
3. Right-click and select Properties to open the Login Properties window.
4. Select the Server Roles pane in the SQL Server Login Properties window to view the fixed server roles. The login is a member of the roles that are checked.
5. Alternatively, use system catalog views to see this information. Open a new Query Editor window and execute the following statement (principal_id 1 is sa; joining sys.server_principals on both sides of sys.server_role_members returns the role name beside the member name):
   SELECT R.name AS server_role, M.name AS member
   FROM sys.server_role_members AS SRM
   INNER JOIN sys.server_principals AS R ON R.principal_id = SRM.role_principal_id
   INNER JOIN sys.server_principals AS M ON M.principal_id = SRM.member_principal_id
   WHERE SRM.member_principal_id = 1;
6. Return to the sa Login Properties window. To view the database roles, select User Mapping from the top navigation bar. The window shows the roles assigned to the user in each database.
7. Alternatively, use the system catalog views to see this information. Open the Query Editor and execute the statement below to list the database users that are members of the db_owner role in the current database:
   SELECT DP.name AS db_owner_member, DP.type_desc
   FROM sys.database_principals AS DP
   INNER JOIN sys.database_role_members AS DRM ON DP.principal_id = DRM.member_principal_id
   WHERE DRM.role_principal_id = DATABASE_PRINCIPAL_ID('db_owner');
8. To view the permissions for a user of a specific database, such as AdventureWorks2012, start Object (More notes on the next slide)
Demonstration: Separation of duties
In this demonstration you will learn to:
- Use user-defined server roles to lock down permissions for users
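User-defined server roles applied to separation of duties, as the demonstration above sets out to show: one role that can only observe the instance, one that can only manage logins, and checks that no login holds both. This is an added example, not the course's own demonstration script; the role names OpsMonitor and LoginAdmin, the login MonitorUser and its placeholder password are assumptions.

```sql
USE master;
GO
-- Observer role: enough to run monitoring queries, nothing that changes state.
CREATE SERVER ROLE OpsMonitor;
GRANT VIEW SERVER STATE   TO OpsMonitor;
GRANT VIEW ANY DEFINITION TO OpsMonitor;
GRANT VIEW ANY DATABASE   TO OpsMonitor;
GO
-- Login administration role: manages logins but holds no sysadmin or CONTROL SERVER.
CREATE SERVER ROLE LoginAdmin;
GRANT ALTER ANY LOGIN TO LoginAdmin;
GO
CREATE LOGIN MonitorUser WITH PASSWORD = 'Placeholder-Pw-For-Demo-1!', CHECK_POLICY = ON;
ALTER SERVER ROLE OpsMonitor ADD MEMBER MonitorUser;
GO
-- What each custom role actually carries: explicit server permissions per role.
SELECT r.name AS server_role, p.permission_name, p.state_desc
FROM sys.server_principals AS r
JOIN sys.server_permissions AS p ON p.grantee_principal_id = r.principal_id
WHERE r.type = 'R' AND r.is_fixed_role = 0
ORDER BY r.name, p.permission_name;
GO
-- Membership with role and member names side by side.
SELECT r.name AS server_role, m.name AS member
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
ORDER BY r.name, m.name;
GO
-- Control check: a login in more than one custom role, or in a custom role and
-- sysadmin at the same time, defeats the separation and should be reviewed.
SELECT m.name AS member, COUNT(*) AS custom_roles,
       IS_SRVROLEMEMBER('sysadmin', m.name) AS also_sysadmin
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
                               AND r.type = 'R' AND r.is_fixed_role = 0
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
GROUP BY m.name
HAVING COUNT(*) > 1 OR IS_SRVROLEMEMBER('sysadmin', m.name) = 1;
GO
-- Verify from the member's side: VIEW SERVER STATE yes (1), ALTER ANY LOGIN no (0).
EXECUTE AS LOGIN = 'MonitorUser';
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW SERVER STATE') AS can_view_state,
       HAS_PERMS_BY_NAME(NULL, NULL, 'ALTER ANY LOGIN')   AS can_alter_logins;
REVERT;
```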
Module review
The next module covers moving data between databases and basic ETL operations.
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.