Administrating a Database
Lesson 5
Objectives
Database Security
• Security, like every other aspect of the database
project, must be carefully designed,
implemented, and tested.
• Because security may affect the execution of
some procedures, it must be taken into account
when the project code is being developed.
• A permission is used to grant an entity (such as a
user) access to an object (such as another user or a
database).
• In SQL Server, the security model is based on
what are referred to as “securables”: the things that
can be secured, arranged in a hierarchy of server,
database, and schema scopes. Principals (logins,
users, and roles) are granted, denied, or revoked
permissions on securables.
Logins and Accounts
• A login or logon is the process by which
an individual’s access to a computer
system is controlled by identification of
that user using credentials provided by
that user.
• The most common login method is using a
username and password.
• A user account is a logical representation
of a person within an electronic system.
Server-Level Security
• A user can be initially identified by any of
three methods:
– Windows user login
– Membership in a Windows user group
– SQL Server-specific login (only if the server uses
mixed-mode security)
• It is important to remember that at the SQL
Server level, where the database resides, users
are known by their login name. This can be a
SQL Server login, a Windows domain user, or a
Windows group.
Database-Level Security
• Even though a user may belong to a fixed
database role and have certain
administrative-level permissions, a user
still cannot access the data without first
being granted permission to the database
object itself (e.g., tables, stored
procedures, views, functions), unless the
role itself carries that permission (as
db_datareader, db_datawriter, and db_owner do).
• All users are automatically members of the
public database role, so any permission
granted to public is effectively granted to
everyone who can connect to the database.
Object Permissions
• Each object’s permission is assigned to a
principal (a user or a role) through one of
three statements: GRANT, DENY, or REVOKE.
– GRANT gives the principal the permission, so
it can access the object.
– DENY blocks the permission and overrides a
GRANT, including a GRANT inherited through
role membership. (One backward-compatibility
exception: a column-level GRANT overrides a
table-level DENY.)
– REVOKE removes whichever entry exists,
GRANT or DENY; the principal is left with
whatever it still inherits from its roles and
from public.
SQL Server Service Account
• There are three different types of accounts
which are available for the SQL Server
service account:
– Local user account
– Local system account
– Domain user account
• Use the least-privileged account that lets the
service run. The local system account is the
most privileged of the three and should be
avoided: anyone who can run code as the SQL
Server service (for example through xp_cmdshell)
inherits the service account’s rights on the host
and, for a domain account, on the network.
Authentication
• Authentication is the act of establishing
or confirming a user or system identity.
• Windows Authentication mode is superior
to mixed mode because users don’t need
to learn yet another password and
because it leverages the security design of
the network: the domain’s password policy,
account lockout, and Kerberos or NTLM
authentication apply, and no password is
stored in or sent to SQL Server.
SQL Accounts
• SQL Server also supports mixed mode, which
allows you to connect using either Windows
authentication or SQL Server authentication.
• A SQL Server login and its password are
defined on the SQL Server instance and are not
related to Active Directory or Windows
accounts; SQL Server itself stores the password
hash and verifies the password.
• Associated with SQL authentication is the sa
account, the built-in SQL Server login that is a
member of the sysadmin role. It is the first
target of any password-guessing attack on a
mixed-mode server, so give it a strong password
and disable it (or rename it) unless it is actually
required.
Database Server Roles
• SQL Server includes fixed, predefined server
roles:
– bulkadmin
– dbcreator
– diskadmin
– processadmin
– securityadmin
– serveradmin
– setupadmin
– sysadmin
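The following T-SQL is an added example and is not part of the original slides. It covers the Server-Level Security, SQL Accounts, and Database Server Roles slides above: it reads the authentication mode, lists SQL Server logins and their password-policy settings, lists who holds each fixed server role, disables sa, and creates one login of each kind. The Windows group CORP\sql_dbas and the SQL login app_svc are hypothetical names assumed for the example; everything else is a built-in SQL Server catalog object or command.

```sql
-- Added example (not from the original slides): server-level review and
-- hardening. Requires a login that can read the server catalog (VIEW ANY
-- DEFINITION) and ALTER ANY LOGIN / ALTER ANY SERVER ROLE for the changes.
-- Hypothetical names: Windows group CORP\sql_dbas, SQL login app_svc.

-- 1. Authentication mode: 1 = Windows authentication only, 0 = mixed mode
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. Every SQL Server login (these carry their own password, outside Active
--    Directory), whether it is disabled, and whether the host's password
--    policy and expiration rules are enforced on it
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
ORDER BY name;

-- 3. Membership of the fixed server roles, sysadmin first: sysadmin bypasses
--    every permission check, including DENY, so its member list is the one
--    that matters most
SELECT r.name AS server_role, m.name AS member, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
ORDER BY CASE r.name WHEN 'sysadmin' THEN 0 ELSE 1 END, r.name, m.name;

-- 4. sa is the best-known login on a mixed-mode server. When nothing
--    legitimately uses it, disable it (renaming it is a common extra step:
--    ALTER LOGIN sa WITH NAME = ...).
ALTER LOGIN sa DISABLE;

-- 5. Preferred: a Windows group login, so membership is managed in the
--    domain and the server role is granted once to the group (hypothetical
--    group name). ALTER SERVER ROLE is SQL Server 2012+; older versions use
--    sp_addsrvrolemember. dbcreator is used here rather than sysadmin so the
--    group only gets what it needs.
CREATE LOGIN [CORP\sql_dbas] FROM WINDOWS;
ALTER SERVER ROLE dbcreator ADD MEMBER [CORP\sql_dbas];

-- 6. If a SQL Server login is unavoidable (legacy application), make it
--    subject to the host's password policy and lockout rules (CHECK_POLICY)
--    and to expiration (CHECK_EXPIRATION); the placeholder password must be
--    replaced with a long random one.
CREATE LOGIN app_svc
    WITH PASSWORD         = N'<replace with a long random password>',
         CHECK_POLICY     = ON,
         CHECK_EXPIRATION = ON,
         DEFAULT_DATABASE = master;
```

Run steps 1 to 3 on any instance you inherit before changing anything; the sysadmin list in particular is where forgotten application logins and former administrators tend to accumulate.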
Guest Logon Accounts
• Any user who has a login but has not been
declared a user within the database will
automatically be given the permissions of the
guest user, as long as guest is enabled in that
database.
• The guest user exists in every database (it
cannot be dropped), but in user databases it
has no CONNECT permission by default, so it
cannot be used until CONNECT is granted to it
through the SQL Server Management Studio
interface or a Transact-SQL statement
(GRANT CONNECT TO guest). It is enabled in
master, tempdb, and msdb, where it is required.
• Leave guest disabled in user databases;
enabling it gives every login on the server a
foothold in that database.
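The following T-SQL is an added example and is not part of the original slides. It reports, for every online database on the instance, whether guest currently holds CONNECT, and then revokes it from any user database where it is enabled. It uses only built-in catalog views and commands; no hypothetical object names are assumed.

```sql
-- Added example (not from the original slides): find every database where the
-- guest user can connect, then disable guest outside the system databases.
-- master, tempdb and msdb need guest enabled and are skipped on purpose.

DECLARE @db sysname, @sql nvarchar(max);
DECLARE @report TABLE (database_name sysname, guest_can_connect bit);

DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE state_desc = 'ONLINE' AND is_read_only = 0;

OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- guest exists in every database; it is usable only while it holds CONNECT
    -- (class 0 = database-level permission, state 'G' = granted)
    SET @sql = N'SELECT @n, CASE WHEN EXISTS (
                    SELECT 1
                    FROM ' + QUOTENAME(@db) + N'.sys.database_permissions AS p
                    JOIN ' + QUOTENAME(@db) + N'.sys.database_principals  AS u
                      ON u.principal_id = p.grantee_principal_id
                    WHERE u.name = N''guest''
                      AND p.class = 0
                      AND p.permission_name = N''CONNECT''
                      AND p.state = N''G'') THEN 1 ELSE 0 END;';
    INSERT INTO @report
    EXEC sys.sp_executesql @sql, N'@n sysname', @n = @db;
    FETCH NEXT FROM dbs INTO @db;
END
CLOSE dbs; DEALLOCATE dbs;

-- Review before changing anything
SELECT * FROM @report ORDER BY database_name;

-- Disable guest wherever it is enabled outside the system databases that
-- need it. REVOKE removes the CONNECT grant; guest itself cannot be dropped.
DECLARE fix CURSOR LOCAL FAST_FORWARD FOR
    SELECT database_name FROM @report
    WHERE guest_can_connect = 1
      AND database_name NOT IN (N'master', N'tempdb', N'msdb');
OPEN fix;
FETCH NEXT FROM fix INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'USE ' + QUOTENAME(@db) + N'; REVOKE CONNECT FROM guest;';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM fix INTO @db;
END
CLOSE fix; DEALLOCATE fix;
```

The first cursor is read-only and safe to run anywhere; run the second only after checking the report, since an application may (unwisely) depend on guest in a particular database.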
Fixed Database Roles
• SQL Server includes a few standard, or fixed, database
roles:
– db_accessadmin
– db_backupoperator
– db_datareader
– db_datawriter
– db_ddladmin
– db_denydatareader
– db_denydatawriter
– db_owner
– db_securityadmin
Object Permissions
• Object permissions are the permissions that
allow a user to act on the database objects
(such as tables, stored procedures, and views):
– Select
– Insert
– Update
– Delete
– DRI (References)
– Execute
Ownership Chains
• In SQL Server databases, users often
access data by going through one or
several objects, such as a stored procedure
that reads a table.
• Ownership chains apply to views, stored
procedures, and user-defined functions.
• While the chain is unbroken (every object and
the object it references have the same owner),
SQL Server checks only the permission on the
first object; permissions on the referenced
objects are not checked at all, so a user with
EXECUTE on a procedure can read a table it has
no SELECT on, and even a DENY on that table
does not apply.
• If the ownership chain is broken (meaning
there’s a different owner between an
object and the object it references), SQL
Server checks the user’s permission for
every object accessed from that point on.
• Dynamic SQL executed inside a procedure is
never part of the chain; the caller’s own
permissions on the referenced objects are
always checked.
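The following T-SQL is an added example and is not part of the original slides. It shows an unbroken ownership chain (a dbo-owned procedure reading a dbo-owned table, callable with EXECUTE only), a chain broken by a schema with a different owner, and dynamic SQL, which is never chained. The users app_user and reports, schema rpt, table dbo.Orders, and the three procedures are hypothetical names assumed for the example.

```sql
-- Added example (not from the original slides): unbroken vs. broken
-- ownership chains, and dynamic SQL. Hypothetical names: users app_user and
-- reports, schema rpt, table dbo.Orders, procedures dbo.GetOrders,
-- rpt.GetOrders and dbo.GetOrdersDynamic. Run as db_owner.

CREATE TABLE dbo.Orders (OrderId int PRIMARY KEY, Amount money NOT NULL);
INSERT INTO dbo.Orders VALUES (1, 10.00), (2, 25.50);   -- constructed rows
GO
CREATE USER app_user WITHOUT LOGIN;
CREATE USER reports  WITHOUT LOGIN;
GO

-- dbo owns both the table and this procedure: an unbroken chain
CREATE PROCEDURE dbo.GetOrders AS SELECT OrderId, Amount FROM dbo.Orders;
GO
GRANT EXECUTE ON dbo.GetOrders TO app_user;   -- no SELECT on the table
GO

EXECUTE AS USER = 'app_user';
EXEC dbo.GetOrders;            -- works: SELECT on dbo.Orders is never checked
-- SELECT * FROM dbo.Orders;   -- would fail: no SELECT was granted
REVERT;
GO

-- A schema owned by a different principal breaks the chain:
-- rpt.GetOrders is owned by reports, dbo.Orders by dbo
CREATE SCHEMA rpt AUTHORIZATION reports;
GO
CREATE PROCEDURE rpt.GetOrders AS SELECT OrderId, Amount FROM dbo.Orders;
GO
GRANT EXECUTE ON rpt.GetOrders TO app_user;
GO

EXECUTE AS USER = 'app_user';
BEGIN TRY
    EXEC rpt.GetOrders;        -- fails: SELECT on dbo.Orders is now checked
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS message;  -- 229
END CATCH;
REVERT;
GO

-- Dynamic SQL is never chained: the caller's permission on the table is
-- checked even though dbo owns the procedure
CREATE PROCEDURE dbo.GetOrdersDynamic AS
    EXEC (N'SELECT OrderId, Amount FROM dbo.Orders');
GO
GRANT EXECUTE ON dbo.GetOrdersDynamic TO app_user;
GO

EXECUTE AS USER = 'app_user';
BEGIN TRY
    EXEC dbo.GetOrdersDynamic; -- fails for the same reason as rpt.GetOrders
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS message;  -- 229
END CATCH;
REVERT;
GO

-- Where to look when a chain behaves unexpectedly: who owns each schema
SELECT s.name AS schema_name, p.name AS owner
FROM sys.schemas AS s
JOIN sys.database_principals AS p ON p.principal_id = s.principal_id
WHERE s.name IN ('dbo', 'rpt');
```

The security consequence of the first case is the one to remember: whoever can create or alter a dbo-owned procedure decides what data callers can reach, regardless of the table permissions, so CREATE PROCEDURE and ALTER rights in dbo are as sensitive as SELECT on the tables themselves.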
Backups
• The purpose of a database backup is so
that you have something to restore if data is
lost during a business’s daily routine.
• A user may accidentally delete a table, or a
database administrator may need to
restore multiple tables from different servers
in order to combine them into one
database.
• The need for a database backup and
restore plan is immediate and far reaching,
and the plan is only as good as its last
successful test restore.
Types of Backups
• Full backup: A full backup contains all the data
in a specific database or set of filegroups or files,
and also enough log to allow for recovering that
data.
• Differential backup: A differential backup
contains only the data that has changed since
the differential base, which is the most recent
full backup of the same data. Each differential
is cumulative, so only the latest one is needed
at restore time.
• Incremental backup: An incremental backup is
based on the last backup of the data. An
incremental backup contains only the data that
has changed since the last full or incremental
backup. SQL Server has no backup type of this
name; the transaction log backup plays this role,
capturing the log records written since the
previous log backup and enabling point-in-time
restore.
Partial Backups
• Partial and differential partial backups
are designed to provide more flexibility for
backing up databases that contain some
read-only filegroups under the simple
recovery model.
File Backups
• The files in a database can be backed up
and restored individually.
• Using file backups can increase the speed
of recovery by letting you restore only
damaged files without requiring you to
restore the rest of the database.
Backup Devices
• SQL Server backups are created on
backup devices, such as disk files or tape
media.
• You can append new backups to any
existing backups on a device or overwrite
any existing backups.
Database Restores
• Restore scenarios include the following:
– Complete database restore
– File restore
– Page restore
– Piecemeal restore
– Recovery only
– Transaction log restore
– Create a mirror database
– Create and maintain a standby server
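The following T-SQL is an added example and is not part of the original slides. It ties together the Types of Backups, Backup Devices, and Database Restores slides: a full, differential, and transaction log backup chain is written to disk files with checksums, verified, and then restored step by step to a point in time. The database SecDemo, the folder D:\Backup, and the STOPAT timestamp are hypothetical values assumed for the example.

```sql
-- Added example (not from the original slides): full + differential + log
-- backup chain to disk, verification, and a point-in-time restore.
-- Hypothetical values: database SecDemo, folder D:\Backup, STOPAT time.
-- BACKUP needs db_backupoperator (or higher); RESTORE needs dbcreator or
-- sysadmin at the server level.

-- Log backups are only possible in the FULL (or BULK_LOGGED) recovery model;
-- without them the log never truncates and point-in-time restore is impossible.
ALTER DATABASE SecDemo SET RECOVERY FULL;
GO

-- 1. Full backup: the base for every later differential and log backup.
--    CHECKSUM verifies page checksums while reading and writes a backup
--    checksum, so corruption is caught before the backup is relied on.
--    INIT overwrites the device; omit it to append to the existing backups.
BACKUP DATABASE SecDemo
    TO DISK = N'D:\Backup\SecDemo_full.bak'
    WITH INIT, CHECKSUM, STATS = 10;

-- 2. Differential: only extents changed since the last full backup
BACKUP DATABASE SecDemo
    TO DISK = N'D:\Backup\SecDemo_diff.bak'
    WITH DIFFERENTIAL, INIT, CHECKSUM;

-- 3. Transaction log: SQL Server's equivalent of an "incremental" backup;
--    each one covers the log written since the previous log backup
BACKUP LOG SecDemo
    TO DISK = N'D:\Backup\SecDemo_log1.trn'
    WITH INIT, CHECKSUM;

-- 4. Verify the media is readable and the checksums match. This is not a
--    restore test; only a real restore (ideally to another server) is.
RESTORE VERIFYONLY FROM DISK = N'D:\Backup\SecDemo_full.bak' WITH CHECKSUM;

-- 5. Inspect what a backup file actually contains before trusting it
RESTORE HEADERONLY FROM DISK = N'D:\Backup\SecDemo_log1.trn';
GO

-- Restore chain: full -> latest differential -> log backups in order.
-- Every step but the last uses NORECOVERY so the next file can be applied;
-- the database stays in RESTORING until the step WITH RECOVERY runs.
USE master;
GO
ALTER DATABASE SecDemo SET SINGLE_USER WITH ROLLBACK IMMEDIATE;  -- drop other sessions

RESTORE DATABASE SecDemo
    FROM DISK = N'D:\Backup\SecDemo_full.bak'
    WITH NORECOVERY, REPLACE, CHECKSUM;   -- REPLACE: overwrite the existing database

RESTORE DATABASE SecDemo
    FROM DISK = N'D:\Backup\SecDemo_diff.bak'
    WITH NORECOVERY, CHECKSUM;

-- STOPAT rolls the log forward only to the given time: the way to undo an
-- accidental DELETE or DROP TABLE without losing everything after the full.
RESTORE LOG SecDemo
    FROM DISK = N'D:\Backup\SecDemo_log1.trn'
    WITH RECOVERY, STOPAT = N'2024-01-15T10:30:00';   -- hypothetical timestamp
GO

-- Backup history SQL Server keeps in msdb: use it to prove the chain is
-- unbroken (type D = full, I = differential, L = log) before an incident.
SELECT bs.database_name, bs.type, bs.backup_start_date, bs.backup_finish_date,
       bmf.physical_device_name
FROM msdb.dbo.backupset         AS bs
JOIN msdb.dbo.backupmediafamily AS bmf ON bmf.media_set_id = bs.media_set_id
WHERE bs.database_name = N'SecDemo'
ORDER BY bs.backup_start_date;
```

Two points a practitioner should take from this: a differential or log backup is useless without the full backup it is based on (the INIT option overwrites a device, so never reuse the full backup's device for later backups), and the point-in-time restore only works if the log backups are unbroken from the full backup up to the moment of the mistake.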
Summary
• The end result of working with database security is
to ensure that the rights and responsibilities given to
users, through creating users and roles, are enforced
through a security plan.
• A permission is used to grant an entity (such as a
user) access to an object (such as another user or a
database).
• A login or logon is the process by which individual
access to a computer system is controlled by
identification of the user using credentials provided
by the user. The most common login method is
using a username and password.
Summary
• A user account is a logical representation of a
person within an electronic system.
• Even though a user may belong to a fixed database
role and have certain administrative-level
permissions, a user still cannot access the data
without first being granted permission to the
database object itself (e.g., tables, stored
procedures, views, functions), unless the role itself
carries that permission (as db_datareader,
db_datawriter, and db_owner do).
• Each object’s permission is assigned to a user or
role through GRANT, DENY, or REVOKE.
• Authentication is the act of establishing or
confirming a user or system identity.
Summary
• Windows Authentication mode is superior to
mixed mode because users don’t need to learn
yet another password and because it leverages
the security design of the network (domain
password policy, lockout, and Kerberos or NTLM).
• Associated with SQL authentication is the sa
account, the built-in sysadmin login that is only
usable when mixed mode is enabled; it should be
given a strong password and disabled or renamed
unless it is actually required.
• SQL Server includes fixed, predefined server
roles. Primarily, these roles grant permission to
perform certain server-related administrative
tasks.
Summary
• Sysadmin can perform any activity in the SQL
Server installation, regardless of any other
permission setting. The sysadmin role even
overrides denied permissions on an object.
• The public role is a fixed role, but it can have
object permissions like a standard role. Every
user is automatically a member of the public role
and cannot be removed from it, so the public role
serves as a baseline or minimum permission
level: anything granted to public is granted to
everyone.
Summary
• Users must be explicitly granted access to
any user database.
• db_owner is a fixed database role that has all
permissions in the database.
• An application role is a database-specific role
intended to allow an application to gain
access regardless of the user: the application
activates it with a password (sp_setapprole),
and the connection then holds the role’s
permissions instead of the user’s.
• The purpose of a database backup is so that
you have something to restore if data is lost
during a business’s daily routine.
Summary
• A user may accidentally delete a table or a
database administrator may need to restore
multiple tables on different servers in order to
combine them into one database.
• Full backups contain all the data in a specific
database or set of filegroups or files and also
enough log data to allow for recovering that
data.
• Differential backups only back up data changed
since the last full backup.
• Incremental backups only back up data changed
since the last full or incremental backup; in SQL
Server this role is played by transaction log
backups.
98_364_Slides_Lesson05.ppt
Editor's Notes

• #11: Since SQL Server authentication is less secure than Windows logins, it is recommended to avoid mixed mode. However, it remains available for backward compatibility with applications that cannot use Windows authentication.