30/1/2019 Librería

Lab Answer Key: Module 2: Assigning Server and

Database Roles
Es
te
do
cu
Lab: Assigning
me
nto
pe
Server and Database Roles
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc G
Exercise 1: Assigning
as ea
@
uServer
ille
rm Roles
itid orr
las gm oC
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
Task 1: Prepare the Lab Environment
iza
c ión
.

1. Ensure that the 20764C-MIA-DC and 20764C-MIA-SQL virtual machines are

Eboth
ste
running, and then log on to 20764C-MIA-SQL as
do
ADVENTUREWORKS\Student
cu
me
with the password Pa55w.rd.
nto
pe
rte
2. Ino ethe D:\Labfiles\Lab02\Starter
N l u isg ne
ce folder, right-click Setup.cmd, and then click
stá uil aL
np ler uis
Run aseradministrator.
mi
mo
co Gu
tid rre ille
as a @ rm
las gm oC
co a orr
3. In the User Account pia
ss
Control
il.c
om dialog,
ea click Yes when prompted to confirm that
Lo
in pe
you want to run the command au
tor file, andra. wait for the script to finish.
iza
ció
n.

Task E2: Create a Server Role

ste
do
cu
me
nto
ert p
1. Start
No SQL
lui Server
en
e Management Studio and connect to the MIA-SQL database
es sg ce
tán ille u a
engine peusingrmWindows
o
Lu
is authentication.
rm co Gu
itid rre ille
as a@ rm
Co las gm o
2. On the File menu,
co point
p
ail to Open,
.c rre and then click Project/Solution.
ias om aL
sin op
au era
tor .
3. In the Open Project dialog iza box, navigate to D:\Labfiles\Lab02\Starter\Project,
c ión
.
click Project.ssmssln, and then click Open.

4. In Solution Explorer, expand Queries, and then double-click Lab Exercise 01 -

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 1/11
30/1/2019 Librería

server roles.sql.

5. Under the heading for Task 1, type the following code::

CREATE SERVER ROLE database_manager;

Es
te
do
cu
me
nto
pe
r
6. No lui thetecode
Highlight ne you have typed and click Execute.
es s c gu ea
tán ille Lu
pe rm is
rm oc Gu
itid orr ille
as ea rm
las @ oC
gm
co ail orr
pia .co ea
ss Lo m
in pe
Task 3: Assign a
Server-Level
uto Permissions ra.
riz
ac
ión
.

1. Edit the code under the heading for Task 2 so that it reads:

Es
te
oc d
GRANTum ALTER ANY LOGIN TO database_manager;
en
to
pe
GRANT VIEW rte ANY DATABASE TO database_manager;
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea rm
lquery @ oC
2. Highlight the as
co you
g ma have
il.c oamended
rre
and click Execute.
pia o aL
ss m op
in era
au .
tor
iza
ció
n.

Task 4: Assign Role Membership

Es
te
do
1. Undercu the heading for Task 3, type the following code:
m en
to
pe
rte
No lui ne
es sg ce
tán u ille a
ALTERpe SERVER Lu
ROLE
rm
o is database_manager ADD MEMBER
rm Gu co
rreitid ille
a a
[ADVENTUREWORKS\Database_Managers];
sl @ rm
as gm oC
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
2. Highlight the code you haveciótyped n. and click Execute.

3. Leave SQL Server Management Studio open for the next exercise.

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 2/11
30/1/2019 Librería

Result: At the end of this exercise, you will have created the database_manager
server role, granted permissions to members to alter any login and alter any
database, and granted membership to the members of the Database_Managers
login.
Es
te
do
cu
me
nto
ert p
Exercise
No 2:
lui Assigning
s
en
ec Fixed Database Roles
es gu ea
tán ille Lu
pe rm is
rm oc Gu
itid orr ille
as ea rm
las @ o
gm
Task 1: Create a Database
co
p
aiUser
l.
Coand Assign Fixed Database Roles
rre
ias co aL
sin m op
au era
tor .
iza
ció
1. In SQL Server Management Studio,
. in Object Explorer, expand Security, n

expand Logins, right-click ADVENTUREWORKS\Database_Managers, and

then click Properties.
Es
te
2. do Login Properties - ADVENTUREWORKS\Database_Managers dialog
In thecu
m en
to
box, on the peUser Mapping page, in the Users mapped to this login table, in
r
N lu ten
oe isg cdatabase e
the ssalesapp1
tá uil
le
ea
L
row, select the Map check box.
np rm uis
erm oc Gu
itid orr ille
as rm ea
3. In the Database
las role
@ membership
gm oC for: salesapp1 list, select the
co ail orr
pia .co ea
db_accessadmin sand
si db_backupoperator
m Lo
p
check boxes, and then click OK.
na era
uto .
riz
ac
4. Leave SQL Server Managementión
. Studio open for the next exercise.

Es
Result:te At the end of this exercise, you will have mapped the Database_Managers
do
login to thecu salesapp1 database and added them to the db_backupoperator and
me
nto
db_accessadmin pe roles.
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea rm
@
Exercise 3: Assigning
co aUser-Defined
il
oC
orr Database Roles
las gm
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ón ci
Task 1: Create a Database Principal
. in SSMS

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 3/11
30/1/2019 Librería

1. In SQL Server Management Studio, in Object Explorer, expand Databases,

expand salesapp1, and then expand Security.

2. Right-click Users, and then click New User.

3. In the Database User - New dialog box, on the General page, ensure that the
Es
te
do type box has the value SQL user with login.
Usercu
me
nto
pe
rte
4. In
No the User
lui
s namene
c box, type internetsales_user, in the Login name box, type
esgu ea
ille
tán Lu
ADVENTUREWORKS\InternetSales_Users,
p erm
r m oc is
Gu and then click OK.
itid orr ille
as e a@ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
Task 2: Create a User-Defined Database n. Role in SSMS

1. In Object Explorer, under salesapp1, under Security, right-click Roles, point to

Es
te
New,do and then click New Database Role.
cu
me
nto
pe
2. In
N
the Database
lu
rte
n Role - New dialog box, on the General page, in the Role
oe isg ec
stá u aL e
name n pbox,illtype
erm sales_reader,
uis and then click Add.
erm oc Gu
itid orr
ille
as ea
rm
las oC @
3. In the Select Database g ma User
co il.c oror
rea
Role dialog box, click Browse.
pia o
ss m Lo
in pe
au ra.
4. In the Browse for Objects t oriz dialog box, select the [internetsales_user]
ac
check
ión
box, and then click OK. .

5. In the Select Database User or Role dialog box, click OK.

Es
6. Intethe
do Database Role - New dialog box, on the Securables page, click Search.
cu
me
nto
pe
7. In
N
the Add
lu
Objects
rte
n dialog box, click Specific objects, and then click OK.
oe isg ec
stá uil ea
np ler Lu
erm sG mo i
8. In the Select
iti Objects
co
rre udialog
ill box, click Object Types.
da a@ erm
sl gm oC
as
rea co ail or
pia .co
9. In the Select Object
s s Types
m dialogLo box, select the Schemas check box, then
in pe
au ra.
click OK. tor
iza
ció
n.
10. In the Select Objects dialog box, click Browse.

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 4/11
30/1/2019 Librería

11. In the Browse for Objects dialog box, select the [Sales] check box, then click
OK.

12. In the Select Objects dialog box, click OK.

13. EIn the Database Role - New dialog box, in the Permissions for Sales section,
ste
on dthe
oc Explicit tab, in the Select row, select the Grant check box, and then
u me
n
click OK.to per
No lui ten
sg ec
es u ea
tán ille Lu
pe rm is
rm oc Gu
itid orr ille
as ea rm
las @ oC
gm
co orr
ail
.co
pia ea
Task 3: Create a Database
s sin PrincipalLoby
m
pe Using Transact-SQL
au ra.
tor
iza
ció
n.
1. In Solution Explorer, double-click the query Lab Exercise 03 - database
roles.sql.
Es
2. te
Highlight the code under the heading for Task 3 and click Execute.
do
c um
en
to
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ill
erm ea
Task 4: Create User-Defined
as
la @
g Database
oC Roles by Using Transact-SQL
sc ma orr
op il.c ea
ias om Lo
sin pe
au ra.
tor
iza
1. Under the heading for Taskció4,n type the following code:
.

CREATE ROLE production_reader;

EsCREATE ROLE sales_order_writer;
te
do
c
GO umen
to
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc G
2. Highlight the
itid code
as
o rre youuhave
a@
ille
rm
just typed and click Execute.
las gm oC
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
n.
Task 5: Grant Permissions to User-Defined Database Roles Using Transact-SQL

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 5/11
30/1/2019 Librería

1. Under the heading for Task 5, type the following code:

GRANT SELECT ON SCHEMA::Production TO production_reader;

GO
EsGRANT UPDATE ON Sales.OrderDetails TO sales_order_writer;
te
d
GO ocum
en
to
GRANT UPDATE pe ON Sales.Orders TO sales_order_writer;
rte
No lui ne
es s gu ce
GO tán ille aL
pe rm uis
rm o co Gu
itid rre ille
as a@ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
2. Highlight the query you in have typed
au
peand click Execute.
ra.
tor
iza
ció
n.

Task 6: Add a Database Principal to a Role Using Transact-SQL

Es
te
do
cu
me
nt
1. Under theo pheading
ert
e
for Task 6, edit the query so that it reads:
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ill
as sales_reader erm ea
ALTER ROLElas @
gm o C ADD MEMBER internetsales_manager;
co ail orr
pia .co ea
ALTER ROLE production_reader
ss m Lo ADD MEMBER internetsales_manager;
in pe
au ra.
ALTER ROLE sales_order_writertor ADD MEMBER internetsales_manager;
iza
ció
n.
GO

2. EHighlight
ste the query you have typed and click Execute.
do
cu
me
3. Leave SQL n
to Server Management Studio open for the next exercise.
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea rm
las @ oC
gm
Result: At the end of
co this exercise,
pia
ail
.co
orr you will have created user-defined database
ea
ss m Lo
roles and assigned them to i n au database principals.
pe
ra
tor .
iza
ció
n.

Exercise 4: Verifying Security

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 6/11
30/1/2019 Librería

Task 1: Test IT Support Permissions

1. Minimize SQL Server Management Studio.

2. Click Start, type cmd, and then press Enter.

Es
te
do
3. cu command prompt, type the following command (which opens the sqlcmd
At the me
nto
pe
utility
N
as
l
ADVENTUREWORKS\AnthonyFrizzell),
rte
n
and then press Enter:
oe uis ec
stá gu ea
np ille Lu
rm is
erm Gu oc
itid ille orr
as rm ea
@ oC
runas /user:adventureworks\anthonyfrizzell
l /noprofile sqlcmd
as gm
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
4. When you are prompted for an.password, type Pa55w.rd, and then press Enter.
Wait for the connection to succeed and the SQLCMD window to open.

5. In the SQLCMD window, at the command prompt, type the following commands
Es
te
do
to verify
cu your identity, and then press Enter:
m en
to
pe
rte
No lui ne
es sg ce
tán u ille a
SELECT Lu
pe SUSER_NAME();
rm
o is
rm co Gu
itid rre ille
GO as a@ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
Note that SQL Server identifies
n. Windows group logins using their individual user
account, even though there is no individual login for that user.
ADVENTUREWORKS\AnthonyFrizzell is a member of the
EADVENTUREWORKS\IT_Support
ste
global group, which is in turn a member of
do
the ADVENTUREWORKS\Database_Managers
cu
me domain local group for which
nto
you created pe a login.
rte
No lui ne
es sg ce
tán uil aL
ler uis
6. In the pSQLCMD mo window,
erm co Gu at the command prompt, type the following commands
itid rre ille
as a@ rm
to alter the password las gmof theo C Marketing_Application
orr
login, and then press
co ail
pia .co ea
Enter: ss
in
m Lo
pe
au ra.
tor
iza
ció
n.
ALTER LOGIN Marketing_Application WITH PASSWORD =
'NewPa55w.rd';

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 7/11
30/1/2019 Librería

GO

7. In the SQLCMD window, at the command prompt, type the following commands
to disable the ADVENTUREWORKS\WebAplicationSvc login, and then press
EEnter:
ste
do
cu
m en
to
pe
rte
No lui ne
ALTER
es sg
LOGIN c[ADVENTUREWORKS\WebApplicationSvc]
ea DISABLE;
tán uil
ler Lu
pe mo is
GO rm co Gu
itid rre ille
as a@ rm
las o
gm Co
co ail rre
pia .co aL
ss m op
in era
. au
tor
8. In the SQLCMD window, at
iza the command prompt, type exit, and then press
ció
n .
Enter.

9. In SQL Server Management Studio, in Object Explorer, under MIA-SQL, under

ESecurity,
ste right-click Logins, and then click Refresh.
do
cu
me
10. Under Logins, nto right-click ADVENTUREWORKS\WebApplicationSvc, and then
pe
rte
No lui ne
click
es Properties.
sg
uil
ce
aL
tán ler
pe mo uis
rm co Gu
itid rre ille
11. In the Login as Properties
las
a @
gm
-rmADVENTUREWORKS\WebApplicationSvc
oC dialog
co ail orr
box, on the Status pia page,
ss
.co click eEnabled,
m aL and then click OK to re-enable the
in op
au e ra.
login. tor
iza
ció
n.

Task E2:
s
Test Sales Employee Permissions
te
do
cu
me
nto
pe
ten r
1. In
No the command
e
lui
sg ec prompt window, type the following command to run sqlcmd as
e
stá uil a
np erm Lu l
ADVENTUREWORKS\DanDrayton,
erm oc is
G and then press Enter. This user is a
itid orr uil
a@ e le
member of athe as gm
rm
s l ADVENTUREWORKS\Sales_NorthAmerica
oC global group,
co ail orr
.co
which is in turn apmember
ias
si
e
mof thea LADVENTUREWORKS\InternetSales_Users
op na era
uto .
domain group: riz
ac
ión
.

runas /user:adventureworks\dandrayton /noprofile sqlcmd

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 8/11
30/1/2019 Librería

2. At the command prompt, when you are prompted for a password, type
Pa55w.rd, and then press Enter.

3. In the SQLCMD window, at the command prompt, type the following commands
Eto
stequery the Sales.Orders table in the salesapp1 database table, and then
do
c
pressum Enter:
en
to
pe
rte
No lui ne
es sg ce
tán uil aL
ler uis
pe mo
SELECTrmiTOP tid
co
(10)
r rea
*GuFROM
ille salesapp1.Sales.Orders;
as @ rm
las gm oC
GO co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
n.
4. Verify that the user can query the Sales.Orders table.

5. In the SQLCMD window, at the command prompt, type the following commands
Eto
steupdate the Sales.Orders table in the salesapp1 database, and then press
do
Enter: cu
me
nto
pe
rte
No lui ne
es sgu ce
tán ille aL
UPDATE rm
pe salesapp1.Sales.Orders uis SET shippeddate = getdate() WHERE
rm o co Gu
itid rre ille
a
orderid =as l10257; as
@
gm
rm
oC
co ail orr
pia .co ea
GO ss m Lo
in pe
au ra.
tor
iza
ció
n.

6. Verify that the user does NOT have UPDATE permission on the Sales.Orders
table.
Es
te
7. do SQLCMD window, at the command prompt, type exit, and then press
In thecu
me
nto
Enter. pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea rm
las @ oC
gm
co ail orr
aL pia .co e
Task 3: Test Sales Manager
ss
in Permissions
m op
e au ra.
tor
iza
ció
n.
1. In the command prompt window, at the command prompt, type the following
command to run sqlcmd as ADVENTUREWORKS\ DeannaBall, and then

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 9/11
30/1/2019 Librería

press Enter. This user is a member of the

ADVENTUREWORKS\Sales_Managers global group, which is in turn a
member of the ADVENTUREWORKS\InternetSales_Managers domain group:

Esrunas /user:adventureworks\deannaball /noprofile sqlcmd

te
do
cu
me
nto
pe
rte
No lui ne
2. At ethe
stá command
sg
uil
ce prompt, when you are prompted for a password, type
aL
np ler uis
erm m o
Pa55w.rd,iti andcthen orr
ea
press
Gu
ille Enter.
da rm
sl @ oC
as gm
co ail orr
pia .co e
3. In the SQLCMD window, ss at
m the acommand
Lo prompt, type the following commands
in pe
au ra.
to query the Sales.Orders tor table in the salesapp1 database table, and then
iza
ció
n.
press Enter:

SELECT TOP (10) * FROM salesapp1.Sales.Orders;

Es
te
GOdocu
me
nto
pe
rte
No lui ne
es sg ce
tán uille aL
4. Verify pthat rm user ucan
erm the oc is
Gu query the Sales.Orders table.
o itid rre ille
asrm a@
oC
las gm
a orr
co
5. In the SQLCMD window,
pia
ss
il.c at the
om eacommand prompt, type the following commands
Lo
in pe
to query the Production.Suppliers
a u tor
rtable
a. in the salesapp1 database table, and
iza
ció
then press Enter: n.

SELECT TOP (10) * FROM salesapp1.Production.Suppliers;

Es
te
GO do
cu
me
nto
pe
rte
No lui ne
es sg ce
tán a uille
6. Verify pthat
e
the
rm userLucan
o is query the Production.Suppliers table.
rm co Gu
itid rre ille
as a@ rm
las gm o
7. ail at C
In the SQLCMDcowindow, the
orr command prompt, type the following commands
p . e ias co aL
m
sin
to update the Sales.Orders
au tableoin
pe the salesapp1 database, and then press
ra.
tor
iza
Enter: ció
n.

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 10/11
30/1/2019 Librería

UPDATE salesapp1.Sales.Orders SET shippeddate = getdate() WHERE

orderid = 10257;
GO

Es
8. te
Verify
do that the user has UPDATE permissions on the Sales.Orders table.
c um
en
to
ert p
9. In
N the SQLCMD
lu en window, at the command prompt, type exit, and then press
e
oe isg ce
stá uil aL
Enter. np ler
mo uis
erm co Gu
itid rre ille
as a@ rm
gm oC las
10. In the Command
co Promptail window,
orr at the command prompt, type exit, and then
pia .co ea
ss m Lo
press Enter. in
au
pe
ra.
tor
iza
ció
. n
11. Close SQL Server Management Studio without saving any changes.

Es
te
Result: doAt the end of this exercise, you will have verified your new security
cu
m
settings. ento
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea rm
las @ oC
gm
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
n.

Es
te
do
cu
me
nto
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea rm
las @ oC
gm
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
n.

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 11/11