Published by Jewel Dickerson. Modified over 9 years ago.
1
Chapter 6: Designing SQL Server Service-Level Security
MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide (70-443)
2
Server Service Level security operates for the entire instance
Includes
  – Logins
  – Authentication Mode
  – HTTP Endpoints
  – SQL Agent Roles
  – .NET Assemblies
© Wiley Inc. 2006. All Rights Reserved.
3
Logins
Two kinds
  – Windows Logins
      Windows Users
      Windows Groups
  – SQL Logins
      sa – special login
4
Server Roles
Created on install
Can’t be altered
Use minimum permissions needed to complete a job
5
Database Users
Mapped to logins
Can be mapped to certificates
Security best applied to roles
Guest user assigned to everyone
Can be orphaned in restored databases
6
Schemas
Schema replaces owner from SQL Server 2000
Separates owner from schema for permissions
Every object must belong to a schema
Functions as a namespace
7
Database Roles
Similar to server roles
Fixed database roles created on install; cannot be altered
Assign users to roles for specific jobs
db_datawriter and db_datareader make permissions easy to manage but give permissions on every object
8
User-defined Roles
Created by administrator
Permissions custom to each role
Best practice is to assign all users to roles and all rights to roles
9
Application Roles
Permissions assigned to this role
No users added
Role is “invoked” by user and secured by a password
Once invoked, permissions remain the same as long as the session is active.
10
DDL Triggers
Similar to triggers in previous versions
These operate on data definition statements (CREATE, DROP, etc.).
Best used for auditing changes to the schema
Multiple triggers can be assigned to an event
11
DDL Triggers – cont’d
Two scopes
  – Server level – logins, endpoints, other server level objects
  – Database level – users and other database level objects
Events at each level are hierarchical
Can trigger on event groups or events
Use EVENTDATA() instead of inserted and deleted tables
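The database-scope audit trigger described on the two DDL Triggers slides, as an added T-SQL example that is not part of the original presentation. The names dbo.DdlAudit, trg_AuditDdl and dbo.AuditDemo are hypothetical, and the script assumes it is run by a database owner.

```sql
-- Added example; dbo.DdlAudit, trg_AuditDdl and dbo.AuditDemo are hypothetical names.
CREATE TABLE dbo.DdlAudit (
    AuditId     INT IDENTITY(1,1) PRIMARY KEY,
    EventTime   DATETIME      NOT NULL DEFAULT GETDATE(),
    LoginName   NVARCHAR(128) NULL,
    UserName    NVARCHAR(128) NULL,
    EventType   NVARCHAR(128) NULL,
    SchemaName  NVARCHAR(128) NULL,   -- NULL for events without a schema-scoped object
    ObjectName  NVARCHAR(128) NULL,
    CommandText NVARCHAR(MAX) NULL,
    RawEvent    XML           NOT NULL -- full EVENTDATA() document for later review
);
GO
-- The trigger runs in the caller's security context: without INSERT on the
-- audit table the caller's DDL statement fails and is rolled back.
-- INSERT only, so callers cannot read or rewrite the trail.
GRANT INSERT ON dbo.DdlAudit TO public;
GO
CREATE TRIGGER trg_AuditDdl
ON DATABASE                       -- database scope; ON ALL SERVER is the server scope
FOR DDL_DATABASE_LEVEL_EVENTS     -- event group: every database-level DDL event below it
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @e XML;
    SET @e = EVENTDATA();         -- takes the place of the inserted/deleted tables
    INSERT INTO dbo.DdlAudit
        (LoginName, UserName, EventType, SchemaName, ObjectName, CommandText, RawEvent)
    VALUES (
        @e.value('(/EVENT_INSTANCE/LoginName)[1]',  'NVARCHAR(128)'),
        @e.value('(/EVENT_INSTANCE/UserName)[1]',   'NVARCHAR(128)'),
        @e.value('(/EVENT_INSTANCE/EventType)[1]',  'NVARCHAR(128)'),
        @e.value('(/EVENT_INSTANCE/SchemaName)[1]', 'NVARCHAR(128)'),
        @e.value('(/EVENT_INSTANCE/ObjectName)[1]', 'NVARCHAR(128)'),
        @e.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'NVARCHAR(MAX)'),
        @e
    );
END;
GO
-- Constructed demo: two DDL statements, then read back the audit rows they produced.
CREATE TABLE dbo.AuditDemo (Id INT);
DROP TABLE dbo.AuditDemo;
SELECT EventTime, LoginName, EventType, ObjectName, CommandText
FROM dbo.DdlAudit
ORDER BY AuditId;
```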
12
Database Level Encryption Policy
Encrypt data
  – Discussed in other chapters
Encrypt code for objects
  – Be sure objects are under source control
  – Develop policy to ensure consistency
13
Securing Endpoints
Multiple types of endpoints (SOAP, Database mirroring, Service Broker, etc.)
Security can be applied just like other objects for users to limit access
Dedicated Admin Connection is a different type of endpoint
14
Securing Endpoints – cont’d
SOAP endpoints need to be secured
  – Variety of authentication methods can be used
  – Can encrypt the protocol as well using HTTPS
Service Broker and Database Mirroring Endpoints
  – Need certificate to authenticate
  – Can be encrypted
15
SQL Server Agent Roles
Three New Roles
  – SQLAgentUserRole
  – SQLAgentReaderRole
  – SQLAgentOperatorRole
Allow delegation of job responsibilities to non-sysadmin users
Limited to jobs and history
Proxies greatly expanded for many more subsystems
16
.NET Assembly Security
Created with any .NET language
Registered with Windows host
SAFE Permissions
  – Limited to data access inside a SQL Server instance
EXTERNAL_ACCESS
  – Allows access inside SQL instance, Windows host file system, local registry, and web services
17
.NET Assembly Security – cont’d
UNSAFE Permissions
  – Completely unrestricted
  – Can access memory buffers, legacy COM components, etc.
  – Must be created by sysadmin
  – Be very careful before allowing UNSAFE assemblies
18
Summary
Use best practices of assigning minimum permissions, especially with fixed roles (server or database)
Use roles as much as possible
DDL Triggers are excellent for auditing
Secure endpoints – they are access points into SQL Server
Use the lowest level of CLR permissions required.