Skip to main content

SQL Server Security


To understand the security feature of SQL Server you need to understand the levels of security.

So what happens at windows level, you need to user and password. As soon as you are inside windows you need to enter inside instance and for that you need a login. After entering into an instance you need to have users for each database. There will be mapping of users and login. So the main points are:


  •  To enter into an instance we need a login.
  •  To enter into database we need a user.
  •  Users and logins must be mapped.



When a machine is on a network, it can be:
  •  Workgroup or 
  •  Domain


Workgroup is a standalone machine which may or may not be connected to a network and all the machines will be independent of each other while domain is a centralised machine where Active Domain(AD) is installed therefore it is called a Domain Controller(DC). So it is not needed in this case to go on each machine separately. But while installing windows we need to install it separately on domain and workgroup for each machine.

Types of Login

There are basically 3 types of logins in SQL Server. They are:


  • Domain Login - It is the centralized login. Windows professional will create the login and will give it to every other machine. 
  • Local Login - This login is local to the windows level. It will be created in windows operating system and after that it will be added to the SQL Server. this login would be local to the machine on which it is created.
  • SQL Login - It is a login created at the SQL level and windows doesn't knows about this login. In order to connect to the SQL Server authentication you need to enable SQL Server and windows authentication mode. In order to apply the change if you switch from windows to SQL mode you need to restart SQL Server service.
How to create SQL Server Login?
  • Go to SQL Server management studio. 
  • Go to Security->Logins->Right click on login->New Login->Give Login name->Enable SQL Server authentication mode->Give PWD & confirm Pwd->Uncheck enforce pwd policy, enforce pwd expiration, user must change pwd on next login->click on server roles on left pane-.check Sysadmin->ok.
  • Right click on instance->Properties->Security->Enable SQL Server & windows authentication mode->ok.
  • Go to SQL Server Configuration manager->Restart SQL Server Service.
How to create Local Login?

  • Go to start-> Administrative Tools->Computer Management->Local users and groups->Right click on users->New User->Give Username, full name, description->Give pwd and confirm password->uncheck user must change pwd at next logon->Create.
  • Go to groups->Double click->Administrators->Double click->Click on add->Enter the username you just created->Ok->Apply->Ok.
  • Go to management server studio->Security->Logins->Right Click->New Login->Add the username like this--Servername\Username->Go to Server roles->Check Sysadmin->ok.
  • Log off Windows.
  • Give pwd for the username just created.
  • Open management Studio->Windows Authentication->ok.
How to create a Group?

  • Start->Administrative tools->Computer management->Users & Groups->New Group->Give group name->Add->Enter name of the username that you want to include in the group->Ok.
  • Go to management studio->Security->Login->Right Click->New Login->Add the login just created like this--Servername\Groupname->Server Roles->Check Sysadmin->Ok.
  • Log off the system so that the windows Knows that the group has been created.
  • Login again & try to connect.
  • Group has been created.
Concept of Login

The box or system has operating System Windows which can have either:
  • Local User or
  • Domain User
After logging in into the box we need to enter into SQL Server instance which can have 3 logins:
  • Domain
  • SQL or
  • Local
After logging in into the instance we can see databases. Each database is having a user which must be mapped to the Login created. We are able to use the databases without creating users if while creating instance, sysadmin permission is given in Server roles.

Two stages are required for entering into the instance or databases:
  • Authentication-> Are you the same person?
  • Authorization->What permissions you have?
Permissions

There are 2 levels of Permissions:
  • SQL Server Level(Instance Level)
  • Database Level
Whatever you see in Server roles(Security->Login->New Login->Server Roles) are instance level roles. There are total 9 Server Roles.
Logins & usernames are together called as Principals and resources on which permissions need to be given are called Securables. Permissions are the link between Principals and Securables.

If we need to create lot of logins and give same permissions to them, it will be time consuming. So we group logins and assign them roles(Grouping of Permissions) to ease the task.

 Creating User of a database

  • Create new Login.
  • Map this login to the database by right clicking on database and then clicking on properties. Click on database->Security->Users->New User->Username whatever you wat and login name that you created in login->Give role members and click on Ok.
  • User gets created in each database.
Some Useful commands

1. To see all the logins and Usernames: 
    select * from sys.server_principals

2. To see all the database related information:
    select * from sys.database_principals

3. To see all the schema related info:
    select * from sys.schemas

4. To create your own schema:
    create schema schema_name

5. To see info about Logins:
    select loginname, * from sys.syslogins [For login names only]
OR
    select * from sys.syslogins

6. To see info about users:
    select * from sys.sysusers

7. To see the version of SQL installed:
    select @@version

8. To see edition of SQL installed:
    select SERVERPROPERTY('edition')

9. To see server name:
    select @@SERVERNAME

Comments

Post a Comment

Popular posts from this blog

SQL Server Upgrade Issues

Pre-Requisites We usually think of SQL Server simply as a database engine, while it is a data platform which supports data warehousing, reporting, data integration and data analytics. An in-depth planning is required when upgrading from one version of SQL Server to a newer version along with the features that SQL Server offers. Upgrading these extensive number of features can be remarkably complicated and time-consuming than just upgrading the database engine alone.   Below mentioned are few of the “lessons learned” that help reduce risks of data losses etc.: 1.        Application compatibility: Before planning for upgrade activity, make sure that you discuss the compatibility of SQL Server and the associated application with your application vendor.  2.        Preparation for migration: In case your upgrade activity fails due to some reason and there is no solution possible other than migration,...
Post a Comment
Read more

Data Compression - Row & Page ( Sketch notes)

Just some notes on compression... something helpful for a beginner.
Post a Comment
Read more

Best Practices to be followed for SQL Server

1. Memory Capping SQL Server is an application that uses as much memory as is provided to it. Setting memory too high can cause other applications to compete with SQL on the OS and setting memory too low can cause serious problems like memory pressure and performance issues. It is important to provide at least 4 GB memory for OS use, if you are running only SQL Server as an application on the server.  2. Data File Locations SQL Server accesses data and log files with very different I/O patterns. Data file access is mostly random whilst transaction log file access is sequential. Spinning disk storage requires re-positioning of the disk head for random read and write access. Sequential data is therefore more efficient than random data access. Separating files that have different access patterns helps to minimize disk head movements, and thus optimizes storage performance.  3. Auto growth Auto-growth of the database files should be set in MBs as it will al...
Post a Comment
Read more