Академический Документы
Профессиональный Документы
Культура Документы
http://www.LearnNowOnline.com
Objectives
Understand permissions in SQL Server and how they provide granular control over data and objects Learn how to provide a final layer of defense by encrypting data
Agenda
Permissions Data Encryption Security Epilogue
Permissions
Like a visa for visiting a foreign country Gives a principal some kind of access to a securable object Follow the principle of least privilege
Major step in securing a database
Permission Types
A few common types
CONTROL IMPERSONATE INSERT
CREATE
ALTER ALTER ANY <objecttype> DELETE
SELECT
TAKE OWNERSHIP UPDATE VIEW DEFINITION
Permission Statements
Three types of statements
GRANT REVOKE DENY
Granting Permissions
Easiest way to grant permissions in Management Studio: modify user or role Can also modify properties of individual objects
Same effect, but tedious
Can assign permissions to schema Can set a default schema for a user
Learn More @ http://www.learnnowonline.com
Copyright by Application Developers Training Company
Default Schemas
Schema is a container for database objects
Owned by a principal
add objects
Execution Context
SQL Server follows a procedure to ensure user has permissions to execute code Exception is when code owner has permissions on underlying objects Steps
1. 2. 3. 4. 5.
Verify caller has EXECUTE permission Check if code owner owns all underlying objects If not, check if user has permissions If have permissions, execute code If doesnt have permissions, raise error, dont execute
Learn More @ http://www.learnnowonline.com
Copyright by Application Developers Training Company
Ownership Chaining
Owner of code owns underlying objects If not: broken ownership chain Generally easier to write code with unbroken ownership chains Now can change the security execution context of code
Metadata Security
Earlier versions of SQL Server made it easy for an attacker to explore structure of database
Just needed any access to database
Agenda
Permissions Data Encryption Security Epilogue
End of Part 1
http://www.LearnNowOnline.com