Download user account

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
Document related concepts

Entity–attribute–value model wikipedia , lookup

IMDb wikipedia , lookup

Oracle Database wikipedia , lookup

Extensible Storage Engine wikipedia , lookup

Microsoft Access wikipedia , lookup

Concurrency control wikipedia , lookup

Functional Database Model wikipedia , lookup

Btrieve wikipedia , lookup

Ingres (database) wikipedia , lookup

Database wikipedia , lookup

SQL wikipedia , lookup

Relational model wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

Open Database Connectivity wikipedia , lookup

Database model wikipedia , lookup

ContactPoint wikipedia , lookup

PL/SQL wikipedia , lookup

Microsoft SQL Server wikipedia , lookup

Clusterpoint wikipedia , lookup

Transcript 
Administrating a Database
Lesson 5
Objectives
Database Security
• Security, like every other aspect of the database
project, must be carefully designed, implemented,
and tested.
• Because security may affect the execution of some
procedures, it must be taken into account when
the project code is being developed.
• A permission is used to grant an entity (such as a
user access) to an object (such as another user or
a database).
• In SQL Server, the security model is based on what
is referred to as “securables”.
Logins and Accounts
• A login or logon is the process by which an
individual’s access to a computer system is
controlled by identification of that user using
credentials provided by that user.
• The most common login method is using a
username and password.
• A user account is a logical representation of
a person within a electronic system.
Server-Level Security
• The three different methods for which a user can
be initially identified include:
– Windows user login
– Membership in a Windows user group
– SQL Server-specific login (if the server uses
mixed-mode security)
• It is important to remember that at the SQL Server
level, where the database resides, users are known
by their login name. This can be a SQL Server login,
Windows domain, or a username login choice.
Database-Level Security
• Even though a user may belong to a fixed
database role and have certain
administrative level permissions, a user still
cannot access the data without first being
granted permission to the database object
itself (e.g., tables, stored procedures, views,
functions).
• All users are automatically members of the
public standard database role.
Object Permissions
• Each object’s permission is assigned
through either granting, revoking, or denying
user login permissions.
– Grant permission means the user can access
the object.
– Deny permission overrides a grant
permission.
– Revoke permission removes the permission
assigned, regardless of whether it’s deny or
grant.
SQL Server Service Account
• There are three different types of accounts
which are available for the SQL Server
service account:
– Local user account
– Local system account
– Domain user account
Authentication
• Authentication is the act of establishing or
confirming a user or system identity.
• Windows Authentication mode is superior to
mixed mode because users don’t need to
learn yet another password and because it
leverages the security design of the network.
SQL Accounts
• SQL servers also support mixed mode, which
allows you to connect to the SQL server using
Windows authentication or SQL Server
authentication.
• A SQL Server login account and related passwords
are defined on the SQL server and are not related
to Active Directory or Windows accounts.
• Associated with SQL authentication is the sa
account, the built-in SQL administrator account
associated with SQL authentication.
Database Server Roles
• SQL Server includes fixed, predefined server roles:
– Bulkadmin
– Dbcreator
– Diskadmin
– Processadmin
– Securityadmin
– Serveradmin
– Setupadmin
– Sysadmin
Guest Logon Accounts
• Any user who wishes to access a database but has
not been declared a user within the database will
automatically be granted the user privileges of the
guest user, as long as the guest user account has
been created.
• The guest user account is not actually created
when a database is created. It must be specifically
added in through the SQL Server Management
Studio interface or through a Transact-SQL
statement.
Fixed Database Roles
• SQL Server includes a few standard, or fixed, database
roles
– db_accessadmin
– db_backupoperator
– db_datareader
– db_datawriter
– db_ddladmin
– db_denydatareader
– db_denydatawriter
– db_owner
– db_securityadmin
Object Permissions
• Object permissions are the permissions that allow
a user to act on the database objects (such as
tables, stored procedures, and views):
– Select
– Insert
– Update
– Delete
– DRI (References)
– Execute
Ownership Chains
• In SQL Server databases, users often access
data by going through one or several objects.
• Ownership chains apply to views, stored
procedures, and user-defined functions.
• If the ownership chain is broken (meaning
there’s a different owner between an object
and the next lower object), SQL Server
checks the user’s permission for every
object accessed.
Backups
• The purpose of a database backup is so that
you have something to restore if data is lost
during a business’s daily routine.
• A user may accidentally delete a table or a
database administrator may need to restore
multiple tables on different servers in order to
combine them into one database.
• The need for a database backup and restore
plan for a business are immediate and far
reaching.
Types of Backups
• Full backup: A full backup contains all the data in a
specific database or set of filegroups or files, and
also enough log to allow for recovering that data.
• Differential backup: . A differential backup
contains only the data that has changed since the
differential base.
• Incremental backup: An incremental backup is
based on the last backup of the data. An
incremental backup contains only the data that has
changed since the last full or incremental backup.
Partial Backups
• Partial and differential partial backups are
designed to provide more flexibility for
backing up databases that contain some
read-only filegroups under the simple
recovery model.
File Backups
• The files in a database can be backed up
and restored individually.
• Using file backups can increase the speed of
recovery by letting you restore only damaged
files without requiring you to restore the rest
of the database.
Backup Devices
• SQL Server backups are created on backup
devices, such as disk files or tape media.
• You can append new backups to any existing
backups on a device or overwrite any
existing backups.
Database Restores
• Restore scenarios include the following:
– Complete database restore
– File restore
– Page restore
– Piecemeal restore
– Recovery only
– Transaction log restore
– Create a mirror database
– Create and maintain a standby server
Summary
• The end result of working with database security is to
ensure the rights and responsibilities given to users,
through creating users and roles, is enforced through a
security plan.
• A permission is used to grant an entity (such as a user)
access to an object (such as another user or a
database).
• A login or logon is the process by which individual
access to a computer system is controlled by
identification of the user using credentials provided by
the user. The most common login method is using a
username and password.
Summary
• A user account is a logical representation of a person
within a electronic system.
• Even though a user may belong to a fixed database
role and have certain administrative-level permissions,
a user still cannot access the data without first being
granted permission to the database object itself (e.g.,
tables, stored procedures, views, functions).
• Each object’s permission is assigned through either
granting, revoking, or denying user login permissions.
• Authentication is the act of establishing or confirming a
user or system identity.
Summary
• Windows Authentication mode is superior to mixed
mode because users don’t need to learn yet
another password and because it leverages the
security design of the network.
• Associated with SQL authentication is the sa
account, which is the built-in SQL administrator
account associated with SQL authentication.
• SQL Server includes fixed, predefined server roles.
Primarily, these roles grant permission to perform
certain server-related administrative tasks.
Summary
• Sysadmin can perform any activity in the SQL
Server installation, regardless of any other
permission setting. The sysadmin role even
overrides denied permissions on an object.
• The public role is a fixed role, but it can have object
permissions like a standard role. Every user is
automatically a member of the public role and
cannot be removed, so the public role serves as a
baseline or minimum permission level.
Summary
• Users must be explicitly granted access to any
user database.
• The db_owner is a special role that has all
permissions in the database.
• An application role is a database-specific role
intended to allow an application to gain access
regardless of the user.
• The purpose of a database backup is so that
you have something to restore if data is lost
during a business’s daily routine.
Summary
• A user may accidentally delete a table or a
database administrator may need to restore
multiple tables on different servers in order to
combine them into one database.
• Full backups contain all the data in a specific
database or set of filegroups or files and also
enough log data to allow for recovering that data.
• Differential backups only backs-up data since the
last full backup.
• Incremental backups only backs-up up data since
the last full or incremental backup.
Related documents
Go to Start – All Programs – Microsoft SQL Server Management Studio
Go to Start – All Programs – Microsoft SQL Server Management Studio
Lecture 10 MS-SQL Server Basics
Lecture 10 MS-SQL Server Basics
Lecture 10 MS-SQL Server Basics
Lecture 10 MS-SQL Server Basics
How to restore a database in Microsoft SQL Server Management
How to restore a database in Microsoft SQL Server Management
SQL Server Administration
SQL Server Administration
DAT332 Database Administration For Developers Stephen
DAT332 Database Administration For Developers Stephen
MidRange Concepts - Fox Valley Technical College
MidRange Concepts - Fox Valley Technical College
wildlife - Seasalt
wildlife - Seasalt
SQL Server database administration using Web Data Administrator
SQL Server database administration using Web Data Administrator
Backup Policies and Your Laserfiche Data
Backup Policies and Your Laserfiche Data
Assignment: SQL #2 Putting Data into the Database
Assignment: SQL #2 Putting Data into the Database
High Availability-Disaster Recovery 101
High Availability-Disaster Recovery 101
Candidate Key
Candidate Key
Microsoft SQL Server Architecture
Microsoft SQL Server Architecture
COMP 521 F10 Final Exam Review
COMP 521 F10 Final Exam Review
Advanced Database - Lightweight OCW University of Palestine
Advanced Database - Lightweight OCW University of Palestine
Permissions
Permissions
SI 654 Database Application Design
SI 654 Database Application Design
Prince Sultan University - CS 340 Introduction to Database Systems
Prince Sultan University - CS 340 Introduction to Database Systems
Event Title - Microsoft Center
Event Title - Microsoft Center
SQL Server Administrative Duties
SQL Server Administrative Duties
SQL Server 2008 Complete Maintenance
SQL Server 2008 Complete Maintenance