Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • SQL - Permissions and Data Protection

    Загружено:

    Craig
    52 просмотров17 страниц
    SQL: Permissions and Data Protection Part 1 explains permissions in SQL server and how they provide granular control over data and objects. It also explains how to provide a final layer of defense by encrypting data.

    Исходное описание:

    Авторское право

    © Attribution Non-Commercial (BY-NC)

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    SQL: Permissions and Data Protection Part 1 explains permissions in SQL server and how they provide granular control over data and objects. It also explains how to provide a final layer of defense by encrypting data.

    Авторское право:

    Attribution Non-Commercial (BY-NC)
    Отметить как неприемлемый контент
    52 просмотров17 страниц

    SQL - Permissions and Data Protection

    Загружено:

    Craig
    SQL: Permissions and Data Protection Part 1 explains permissions in SQL server and how they provide granular control over data and objects. It also explains how to provide a final layer of defense by encrypting data.

    Авторское право:

    Attribution Non-Commercial (BY-NC)
    Отметить как неприемлемый контент
    из 17

    SQL: Permissions & Data Protection Part 1

    http://www.LearnNowOnline.com

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Objectives
    Understand permissions in SQL Server and how they provide granular control over data and objects Learn how to provide a final layer of defense by encrypting data

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Agenda
    Permissions Data Encryption Security Epilogue

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Permissions
    Like a visa for visiting a foreign country Gives a principal some kind of access to a securable object Follow the principle of least privilege
    Major step in securing a database

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Permission Types
    A few common types
    CONTROL IMPERSONATE INSERT

    CREATE
    ALTER ALTER ANY <objecttype> DELETE

    SELECT
    TAKE OWNERSHIP UPDATE VIEW DEFINITION

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Permission Statements
    Three types of statements
    GRANT REVOKE DENY

    Denying permissions is powerful

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Granting Permissions
    Easiest way to grant permissions in Management Studio: modify user or role Can also modify properties of individual objects
    Same effect, but tedious

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Roles, Permissions, and Schemas


    Fully qualified database object name: server.database.schema.object Schema

    Can assign permissions to schema Can set a default schema for a user
    Learn More @ http://www.learnnowonline.com
    Copyright by Application Developers Training Company

    Default Schemas
    Schema is a container for database objects
    Owned by a principal

    Benefit: better management of object ownership


    Learn More @ http://www.learnnowonline.com
    Copyright by Application Developers Training Company

    Default Schemas for Users


    SQL Server doesnt automatically create a schema with same name as user
    Have to explicitly create it, assign ownership, and

    add objects

    Normally, you should assign a default user

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Default Schemas for Groups


    Default schemas for users solved a problem But created a problematic side effect Default schemas for groups solves that new problem

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Execution Context
    SQL Server follows a procedure to ensure user has permissions to execute code Exception is when code owner has permissions on underlying objects Steps
    1. 2. 3. 4. 5.

    Verify caller has EXECUTE permission Check if code owner owns all underlying objects If not, check if user has permissions If have permissions, execute code If doesnt have permissions, raise error, dont execute
    Learn More @ http://www.learnnowonline.com
    Copyright by Application Developers Training Company

    Ownership Chaining
    Owner of code owns underlying objects If not: broken ownership chain Generally easier to write code with unbroken ownership chains Now can change the security execution context of code

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Changing the Execution Context


    Dont always want callers permissions used to validate permissions in broken ownership chain Can change in any code except inline table-valued function Options
    EXECUTE AS CALLER EXECUTE AS <user>/<login> EXECUTE AS SELF EXECUTE AS OWNER

    Must have IMPERSONATE permission


    Learn More @ http://www.learnnowonline.com
    Copyright by Application Developers Training Company

    Metadata Security
    Earlier versions of SQL Server made it easy for an attacker to explore structure of database
    Just needed any access to database

    Metadata is as secure as data is

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Agenda
    Permissions Data Encryption Security Epilogue

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    End of Part 1
    http://www.LearnNowOnline.com

    Learn More @ http://www.learnnowonline.com


    Copyright by Application Developers Training Company

    Вам также может понравиться