.: SQL Server Security
By:Chris Kemp
Category:Home / Computers / Software
There are several levels of security to SQL Server. At the a base level, in order to be granted get access to a SQL Server, a user is required to have a login account.
There are two modes of security to SQL Server, distinguished by which program provides the authentication. NT Authentication provides that Windows NT (and/or its successors) verify verifies the identity of a user logging in. In this mode, the SQL Server will ‘trust' that Windows NT has verified that the user is who he says he is. The second method, SQL Server authentication, it is SQL: Server that authenticates the identity of the user. SQL Server authentication is typically used for internet Internet connections, since not all internet Internet users have Windows NT, and not all NT domains are trusted.
In addition to identifying users, it is sometimes convenient to define roles at the server level. Since within an organization, there are groups of users with similar access needs and levels, it may be convenient to define roles with specific levels of permissions. Once you have defined a role, you can assign users to that role, and those users inherit all of the privileges assigned to the role.
There are two types of permissions assigned to individual users and roles. Statement permissions confer the right to execute certain types of T-SQL commands. Object permissions confer the right to access database objects directly.
Defining Logins Users, and Roles
Logins can be added either through the Database Properties Window (under Logins), or by invoking system stored procedures with appropriate parameters. The command
sp_addlogin loginname, password, databasename
will add a SQL Server authenticated login to the list;
sp_grantlogin ‘domainname/username'
will add an NT authenticated login to the list.
After the login has been allowed, you need to allow the user access to the database. This is done either through the Database Properties Window (under Users for that particular database) or with the command
sp_grantdbaccess loginname.
You can see the list of users using the command sp_helpuser or sp_helpuser username
To cancel a security account for a given database, use sp_revokedbaccess username
To remove an NT Login use sp_revokelogin ‘username' (note no domain), and to srop stop a SQL Server authenticated login, use sp_droplogin username .
To add a role to a database, use sp_addrole ‘clerical', and to add meAugust 16, 2005er ‘clerical', ‘username'. To delete a rolemember use sp_droprolemember username.
At the SQL Server level the rolenames are fixed, and cannot be changed, but users can be added using sp_addsrvrolemember username, dbcreator . To drop a rolmember, use sp_dropsrvmember username .
Granting permissions
The GRANT command is used to assign permissions to a security account. Statement permissions in this way: GRANT right TO username
where right can be any of the following:
CREATE DATABASE
CREATE DEFAULT
CREATE PROCEDURE
CREATE RULE
CREATE TABLE
CREATE VIEW
DUMP DATABASE
DUMP TRANSACTION
For object permissions, GRANT is also the command to use, but the grammar differs slightly:
GRANT action ON table/view/procedure name TO username
where action can be one of the following:
INSERT, DELETE, EXECUTE, SELECT or UPDATE
One can also apply these this permission to groups or roles as well as usernames. And it is also possible that a role can have a permission, but a member of that role be denied permission for a task. See the next discussion.
In all of the above commands, you can also explicitly deny permission using DENY in place of GRANT. Note however that DENY is not the negation of GRANT . DENY explicitly excludes the user from that capability. The REVOKE command is used to remove both the permission and refusal.
Resources
• Article: How To Identify Your SQL Server Service Pack Version and Edition
This is an insightful article that discusses about SQL server pack version and edition.
• Tutorial: Using Access or SQL Server to Write your ASP Code
This tutorial discusses how SQL server can be used to write the ASP code.
Metro NY / NJ SQL Server Consultants
We specialize is custom database software. Call us for a free consultation (973) 635 0080 or email us at paladn.com
Article keywords: Database Design Development C++ VB SQL Server
Article Source: http://www.articles32.com
www.paladn.com
.: New Software Articles
1). What Your Spouse Might Not Want You To Know
Is your spouse or significant other extremely secretive about their computer habits?
2). Why Buy Anti Spyware Software When I Can Download it Free?
Many Spyware software packages are being sold on the Internet. Many other packages are listed for free. Why should you pay for something that might be free?
3). Free Spyware Adware Remover
Computers need routine maintenance as well as systems checks in order to be in good condition at all times. This can be done by getting the proper software or sending the unit to the shop.
4). Getting Free Internet Security for Your Computer
Surfing the Internet nowadays can be very dangerous. With all the viruses, spywares, adwares, identity thieves and hackers circulating for surfers to victimize, opening and downloading an attachment sent by your friend can be very scary.
5). What Are Your Children Doing Online?
In the Internet age, our children use the computer as much as or maybe more than their parents do. Kids use the Internet to do homework, play video games, converse with their friends and more.
6). Safe Guard Your Critial Business Documents
All types of commercial places, whether in the private, public or the government sector are now increasingly using computers for various possible functions.
7). How Folder Hider Software Works
Nowadays, a computer is being increasingly used in all types of settings, whether it is an office, a corporate house or domestic settings.
.: Top Software Articles
1). Track Your MySpace Profile Visitors
I know that everyone who is on MySpace has had the same burning questions that I’ve had. How can I see who has viewed my MySpace profile? Where can I find a MySpace Tracker? Since MySpace has become so popular, so have the MySpace profile stalkers. Could be your friends, neighbors, ex-boyfriends or ex-girlfriends, or even someone you don’t even know.
2). Discover Mozzila FireFox Browser -and How to Install Extensions
Discover Mozilla FireFox Extra Features – Extensions and How To Install Them
If you are still not using any other web browser then FireFox (no matter what OS you are using) you are endangering the security of your computer and missing out on a much richer surfing experience.
One of Mozilla FireFox browser most powerful feature is the possibility to install extensions.
3). PsP Software Downloads – Review for PsP Blender
PsP software downloads is a very good way to get new software for your psp hand held. You can get psp movies from many different websites. Most of these sites include psp music downloads, psp movie downloads and psp software downloads and of course PsP Games. Many of the databases are different from one site to another. Some sites offer a wide variety of different choices.
4). Tutorial - Enabling IIS 5.1 on Windows XP Pro
Windows XP Home Edition does not support IIS
1. You may need to put your Windows XP Pro CD into the PC.
2. Go to Control Panel, ‘Add Remove Programs’, then ‘Add/Remove Windows Components’. In the Windows Components window, place a check mark
beside ‘Internet Information Services (IIS)’, then click next, then click finish.
3. During installation, Windows creates a directory at C:inetpubwwwroot and places a few files there.
5). PsP Software – Review of Software Download Sites
PsP handhelds are one of the newest and most fun ways to play games, watch movies and listen to music. PsP software downloads are just some things that you can do to improve your psp. PsP software downloads are fun and easy.
There are many places on the net were one can find psp software downloads. Some sites have you pay per download and sometimes charge up to a couple dollars for each download.
6). What To Do When Windows Fail To Boot
Copyright 2006 Otis Cooper
When Windows fails to boot it is normally caused by you installing a program or device and it has caused a conflict with one or more other programs.
This will no doubt give you plenty of heartaches if you're not certain which program caused Windows to not boot up.
If you recently installed a program or application and know where it was installed,you may be in much better shape as for as correcting the error.
7). SQL Server 2000 Data Types
SQL Server requires that each variable and column in a table should be defined with respect to the type of data it will store. From a bit to a huge image and binary storage types, the allocation is supposed to help the user conform to the data required, and help the engine allocate space and processing speed efficiently.
Built-in data types
SQL.