SQL Server Permission Management: 12 Pitfalls and Misconceptions
23
SQL Server Permission Management 12 Pitfalls & Misconceptions
-
Upload
sebastian-meine -
Category
Technology
-
view
63 -
download
0
description
Your responsibilities as the DBA include the management of access permissions. To be able to live up to the expectation that you will be able to secure the data, you must know the 12 Pitfalls & Misconceptions that we will talk about in this session.
Transcript of SQL Server Permission Management: 12 Pitfalls and Misconceptions
SQL ServerPermission Management
12 Pitfalls & Misconceptions
About Me
Sebastian
Meine
Clean Code
SQL Stylistsqlity.
netFast
Code
About Me
Sebastian
Meine
Clean Code
SQL Stylistsqlity.
netFast
Code
Overview
©2011 sqlity.net llc, all rights reserved. emptyPic
Permission Management• What• When• Why• How
12 P&Ms• Pitfalls• Misconceptions
I
Permission Management-
Why?
ALTER SERVER ROLE sysadmin ADD MEMBER [public];
©2011 sqlity.net llc, all rights reserved. HoBT
SQL Injection
©2011 sqlity.net llc, all rights reserved. HoBT
Exce
rpte
d fr
om
OW
ASP
Top
10 –
201
3 (P
age
4)
I
Permission Management-
What?
I
Permission Management-
When?
After development is done.
©2011 sqlity.net llc, all rights reserved. HoBT
Security cannot be an afterthought
I
Permission Management-
How?
Permission Management
GRANT REVOKE DENY
Database Role
ServerRole
Application Role
©2011 sqlity.net llc, all rights reserved. HoBT
GRANT Statement
©2011 sqlity.net llc, all rights reserved. HoBT
GRANT Privilege ON Securable TO Principal;
GRANTREVOKEDENY
Privilege
SELECT UPDATE
CREATE ALTER
CONTROL …©2011 sqlity.net llc, all rights reserved. HoBT
Securable
Table Schema
Database Server
Endpoint …©2011 sqlity.net llc, all rights reserved. HoBT
Principal
ServerRole
Database Role
Application Role Login
User©2011 sqlity.net llc, all rights reserved. HoBT
II
12 Pitfalls
& Misconceptions
12 P&Ms
REVOKE = DENY
ALL PRIVILEGES
GRANT on all Columns =
GRANT on Table
REVOKE un-granted Column
Permission
REVOKE CONTROL
(Non)CASCADE
DENY (Non)CASCADE
Column GRANT >
Table DENY
DENY CONTROL
Role Ownership Implications
CONTROL SERVER Impact on
Securable Owner
Implicit User Creation Failure
Ownership Chaining
Quandary
©2011 sqlity.net llc, all rights reserved. HoBT
References
SQL Stylist with sqlity.net
Sebastian Meine
©2011 sqlity.net llc, all rights reserved.
SQL Server Permission Management 12 P&Ms
http://goo.gl/YhsW1M
