Presentation is loading. Please wait.

Presentation is loading. Please wait.

SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005.

Similar presentations


Presentation on theme: "SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005."— Presentation transcript:

1 SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005

2 Authentication Modes The authentication mode dictates how SQL Server processes usernames and passwords There are two modes –Windows Authentication This mode gives users access to SQL Server using their Windows credentials –SQL Server and Windows Authentication Also called Mixed Mode © Wiley Inc. 2006. All Rights Reserved.

3 Windows Authentication Users do not have to remember multiple user names and passwords Logins are controlled by Windows password policies Logins can be mapped to a single user, or Windows group account Non-Windows users (i.e. MAC) cannot log in to SQL Server © Wiley Inc. 2006. All Rights Reserved.

4 Mixed Mode This allows Windows and non-Windows users to log in Non-Windows users use a SQL Server login account –The user logs on to their network –The user opens a nontrusted connection to SQL Server using a username and password other than those used to gain network access. It’s called a nontrusted connection because SQL Server doesn’t trust the operating system to verify the user’s password. –SQL Server matches the username and password entered by the user to an entry in the Syslogins table. Consider use Windows Authentication for DBA and Mixed mode for applications © Wiley Inc. 2006. All Rights Reserved.

5 Common Login Items Logins set the default database and default language You can grant access to databases when you created a login You can add the login to a fixed server role at create time Although you can create Database logins in Windows Authentication mode, you won’t be able to use them. If you try, SQL Server will ignore you and use your Windows credentials instead. © Wiley Inc. 2006. All Rights Reserved.

6 Fixed Server Roles Fixed server roles limit user access to SQL Server Each role has a predefined set of permissions © Wiley Inc. 2006. All Rights Reserved.

7 Fixed Server Roles Sysadmin –to perform any task in SQL Server, DBA only Serveradmin –can set serverwide configuration options, such as how much memory SQL Server can use or how much information to send over the network in a single frame, or even shut down the server. Setupadmin –can install replication and manage extended stored procedures Securityadmin –manage security issues such as creating and deleting logins, reading –the audit logs, and granting users permission to create databases Processadmin –can end (kill) a process, good for developers to be in Dbcreator –can create and make changes to databases Diskadmin –manage files on disk. They perform actions such as mirroring databases and adding backup devices Bulkadmin –can execute the BULK INSERT statement © Wiley Inc. 2006. All Rights Reserved.

8 Database User Mappings Also called user accounts These accounts give users access to a database Users need an account in each database they need to access There are two special accounts –DBO Members in Sysadmin are also DBOs –Guest user Every user who has a server account can also access other DBs as a guest– limit the access of this account © Wiley Inc. 2006. All Rights Reserved.

9 Permissions Any object to which SQL Server regulates access is called a securable You assign permissions on securables for users Securables fall under one of three scopes –Server –Database –Schema © Wiley Inc. 2006. All Rights Reserved.

10 Server Scope Server Endpoint SQL Server login SQL Server login mapped to Windows login SQL Server login mapped to certificate SQL Server login mapped to asymmetric key © Wiley Inc. 2006. All Rights Reserved.

11 Database Scope Database users Database users mapped to Windows login Database users mapped to certificate Database users mapped to asymmetric key Database roles Application roles Assemblies Message type Service contract Service Fulltext catalog DDL events Schema © Wiley Inc. 2006. All Rights Reserved.

12 Schema Scope Table View Function Procedure Queue Type Rule Default Synonym Aggregate © Wiley Inc. 2006. All Rights Reserved.

13 Statement Permissions Statement permissions regulate schema access Examples –Create Database –Create Table –Create View –Create Procedure –Create Index –Create Rule –Create Default © Wiley Inc. 2006. All Rights Reserved.

14 Object Permissions These regulate access to the data There are 12 object permissions –Control –Alter –Take ownership –Impersonate –Create –View definition –Select –Insert –Update –Delete –References –Execute © Wiley Inc. 2006. All Rights Reserved.

15 Database Roles These are groups with permissions already applied –Adding a user to one of these roles gives them the permissions assigned to the role There are two types: –Fixed database roles –Custom database roles © Wiley Inc. 2006. All Rights Reserved.

16 Fixed Database Roles These are built-in to each database: –Db_owner –Db_accessadmin –Db_datareader –Db_datawriter –Db_ddladmin –Db_securityadmin –Db_backupoperator –Db_denydatareader –Db_denydatawriter –Public © Wiley Inc. 2006. All Rights Reserved.

17 Custom Database Roles The permissions assigned to the fixed roles will not meet all of your needs You can create your own database roles and assign permissions © Wiley Inc. 2006. All Rights Reserved.

18 Application Roles This is a special role that must be activated using a password It is designed to force users to use a specific application to access data The activation code can be hardwired into your custom applications © Wiley Inc. 2006. All Rights Reserved.

19 Permission States Permissions can be in one of three states Grant –User can use permission Revoke –User can use permission if they are a member of a group that has permission Deny –User cannot use permission under any circumstance © Wiley Inc. 2006. All Rights Reserved.

20 Ownership Chains When a user queries a view, or executes a stored procedure, SQL Server checks the owner of the underlying object If the owners are the same, only permissions on the queried object are verified If they are different, permissions on both objects are verified –This is called a broken ownership chain © Wiley Inc. 2006. All Rights Reserved.

21 Linked Server Security Linked servers allow users to include data from others servers in a result set –Example, you could join data from SQL Server and Oracle Add a linked server using sp_addlinkedserver © Wiley Inc. 2006. All Rights Reserved.

22 Encryption Data transferred from the client to the server can be encrypted on the wire You need a certificate to do this Once you import the certificate you can configure SQL Server using Configuration Manager © Wiley Inc. 2006. All Rights Reserved.

23 Devising a Plan Consider several options: –Types of users –Fixed server role usage –Database access –Type of access –Group permissions –Object creation –Public role permissions –Guest access © Wiley Inc. 2006. All Rights Reserved.


Download ppt "SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005."

Similar presentations


Ads by Google