How To SecureYour SQL Server

Gidget Pryor

© 2003 Global Knowledge Network, Inc. All rights reserved. 04/12/2023 Page 1© 2011Global Knowledge Training LLC. All rights reserved.

© 2014 Global Knowledge Training LLC. All rights reserved.

Gidget Pryorgidget.pryor@globalknowledge.com

SQL Server course director at Global KnowledgeHas more than 20 years of database, systems

engineering, application development, and programming experience

Worked with multiple database platforms, including SQL Server, Oracle, DB2, MySQL, FoxPro, Access, and Sybase

Especially enjoys business intelligence and performance tuning

© 2014 Global Knowledge Training LLC. All rights reserved.

Our Agenda

SQL Server Multilayered Security Approach– Discussion– Demonstration

New Security Features in SQL Server 2012– Discussion– Demonstration

© 2014 Global Knowledge Training LLC. All rights reserved.

Multilayered Security Approach

AuthenticationLoginsUsersSchemasRoles

– Server– Database

Authorization

© 2014 Global Knowledge Training LLC. All rights reserved.

Logins and Users

System LevelMaster database Logins

WindowsSQL Server

User LevelUser database Users

© 2014 Global Knowledge Training LLC. All rights reserved.

Authentication

Occurs at the SQL Server Instance LevelTwo Modes

– Windows Authentication– Mixed Mode (SQL Server and Windows)

© 2014 Global Knowledge Training LLC. All rights reserved.

Logins and Users

Logins– Created and stored in the master database– Two types

• Windows• SQL Server

– Should be created firstUsers

– Created in each individual user database– Mapped to a login– Should be created after the login

© 2014 Global Knowledge Training LLC. All rights reserved.

Schemas

Logical and Security Boundaries Around ObjectsIntroduced in SQL Server 2005Users Have a Default Schema

– Explicitly assigned– dbo if not otherwise assigned

SQL Server Uses Schemas for Object Resolution– If there is no qualified schema name, SQL Server:

1. Uses default schema

2. Checks the dbo schema

3. Returns an error if the object isn’t present in either of these

© 2014 Global Knowledge Training LLC. All rights reserved.

Roles

Server Level– Fixed

• Built in• Permissions are set• Membership is not set

– User defined (new in SQL Server 2012)Database Level

– Fixed• Built in• Permissions are set• Membership is not set

– User defined

© 2014 Global Knowledge Training LLC. All rights reserved.

Authorization

Provides Access to a ResourceScope

– Server– Database– Schema– Object– Element (i.e., column)

Grant, Revoke, DenyCombining Permissions

Demonstration:Multilayered Security

Approach

© 2014 Global Knowledge Training LLC. All rights reserved.

New Security Features in SQL Server 2012

User-Defined Server Roles– Ability to group permissions without giving too much

access– Flexible permissions– Membership is not set

Contained Databases– Partially contained only– Authentication without a login– Facilitate movement of databases from server to server

Demonstration:User-Defined Server Roles

Demonstration:Contained Databases

© 2014 Global Knowledge Training LLC. All rights reserved.

Questions?

Gidget Pryorgidget.pryor@globalknowledge.com

www.globalknowledge.com/microsoft

© 2014 Global Knowledge Training LLC. All rights reserved.

Learn More

Recommended Global Knowledge Courses

Administering Microsoft SQL Server 2012 Databases

MCSA: SQL Server 2012 Boot Camp SQL Server 2008 R2 for

AdministrationRequest an On-Site Delivery

We can tailor our courses to meet your needs

We can deliver them in a private setting

Visit Our Knowledge Center Assessments Blog Case Studies Demos Lab Topologies Special Reports Twitter Videos Webinars White Papers

Thank You for Attending

For more information contact us at:

www.globalknowledge.com | 1-800-COURSES | am_info@globalknowledge.com