SlideShare a Scribd company logo

SQL: Permissions and Data Protection

LearnNowOnline, profile picture
LearnNowOnline

This document covers SQL Server permissions and data protection, emphasizing the importance of granular control and encryption. It details different permission types, granting processes, execution contexts, ownership chaining, and metadata security to enhance database security. The agenda includes discussions on permissions, data encryption, and concludes with a note on security measures.

Technology
1 of 17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
SQL: Permissions & Data Protection Part 1 http://www.LearnNowOnline.com Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Objectives • Understand permissions in SQL Server and how they provide granular control over data and objects • Learn how to provide a final layer of defense by encrypting data Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Agenda • Permissions • Data Encryption • Security Epilogue Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Permissions • Like a visa for visiting a foreign country • Gives a principal some kind of access to a securable object • Follow the principle of least privilege • Major step in securing a database Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Permission Types • A few common types • IMPERSONATE • CONTROL • INSERT • CREATE • SELECT • ALTER • TAKE OWNERSHIP • ALTER ANY <objecttype> • UPDATE • DELETE • VIEW DEFINITION Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Permission Statements • Three types of statements • GRANT • REVOKE • DENY • Denying permissions is powerful Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Granting Permissions • Easiest way to grant permissions in Management Studio: modify user or role • Can also modify properties of individual objects • Same effect, but tedious Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Roles, Permissions, and Schemas • Fully qualified database object name: server.database.schema.object • Schema • Can assign permissions to schema • Can set a default schema for a user Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Default Schemas • Schema is a container for database objects • Owned by a principal • Benefit: better management of object ownership Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Default Schemas for Users • SQL Server doesn’t automatically create a schema with same name as user • Have to explicitly create it, assign ownership, and add objects • Normally, you should assign a default user Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Default Schemas for Groups • Default schemas for users solved a problem • But created a problematic side effect • Default schemas for groups solves that new problem Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Execution Context • SQL Server follows a procedure to ensure user has permissions to execute code • Exception is when code owner has permissions on underlying objects • Steps 1. Verify caller has EXECUTE permission 2. Check if code owner owns all underlying objects 3. If not, check if user has permissions 4. If have permissions, execute code 5. If doesn’t have permissions, raise error, don’t execute Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Ownership Chaining • Owner of code owns underlying objects • If not: broken ownership chain • Generally easier to write code with unbroken ownership chains • Now can change the security execution context of code Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Changing the Execution Context • Don’t always want caller’s permissions used to validate permissions in broken ownership chain • Can change in any code except inline table-valued function • Options • EXECUTE AS CALLER • EXECUTE AS <user>/<login> • EXECUTE AS SELF • EXECUTE AS OWNER • Must have IMPERSONATE permission Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Metadata Security • Earlier versions of SQL Server made it easy for an attacker to explore structure of database • Just needed any access to database • Metadata is as secure as data is Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
Agenda • Permissions • Data Encryption • Security Epilogue Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
End of Part 1 http://www.LearnNowOnline.com Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company

More Related Content

PDF
Word press as your company website
Kelli Wise
 
PPTX
Chris OBrien - Pitfalls when developing with the SharePoint Framework (SPFx)
Chris O'Brien
 
PDF
Take a load off! Load testing your Oracle APEX or JDeveloper web applications
Sage Computing Services
 
PDF
Custom Tile Generation in PCF
Dustin Ruehle
 
PPTX
Securing SharePoint Apps with OAuth
Kashif Imran
 
PDF
Git and Github - a 90 Minute interactive workshop
Bram Luyten
 
PPTX
Chris O'Brien - Best bits of Azure for Office 365/SharePoint developers
Chris O'Brien
 
PDF
Создание API, которое полюбят разработчики. Глубокое погружение
SQALab
 
Word press as your company website
Kelli Wise
 
Chris OBrien - Pitfalls when developing with the SharePoint Framework (SPFx)
Chris O'Brien
 
Take a load off! Load testing your Oracle APEX or JDeveloper web applications
Sage Computing Services
 
Custom Tile Generation in PCF
Dustin Ruehle
 
Securing SharePoint Apps with OAuth
Kashif Imran
 
Git and Github - a 90 Minute interactive workshop
Bram Luyten
 
Chris O'Brien - Best bits of Azure for Office 365/SharePoint developers
Chris O'Brien
 
Создание API, которое полюбят разработчики. Глубокое погружение
SQALab
 

What's hot (20)

PDF
Microservices Architecture for AEM
Maciej Majchrzak
 
PDF
Beyond Domino Designer
Paul Withers
 
PPTX
Chris O'Brien - Modern SharePoint development: techniques for moving code off...
Chris O'Brien
 
PDF
Designing your API Server for mobile apps
Mugunth Kumar
 
PPTX
Chris O'Brien - Comparing SharePoint add-ins (apps) with Office 365 apps
Chris O'Brien
 
PPTX
Automated Testing for Websites With Selenium IDE
Robert Greiner
 
PPT
Windows Azure Essentials V3
Michele Leroux Bustamante
 
PDF
AEM Asset and Tag API
Lokesh BS
 
PPTX
Vaadin filtering table example
leonardsiu
 
PPTX
Active Directory Single Sign-On with IBM
Van Staub, MBA
 
PPTX
Selenium WebDriver - Test automation for web applications
TSundberg
 
PPTX
SharePoint PowerShell for the Admin and Developer - A Venn Diagram Experience
Ricardo Wilkins
 
PDF
Cross-Platform Desktop Apps with Electron (Condensed Version)
David Neal
 
PPTX
Chris OBrien - Weaving Enterprise Solutions into Office Products
Chris O'Brien
 
PPTX
ECS 2018: Introduction to Azure Web Applications
Eric Shupps
 
PDF
Automated testing APEX Applications
Roel Hartman
 
PDF
O365Con18 - Automate your Tasks through Azure Functions - Elio Struyf
NCCOMMS
 
PPTX
Aws User Group Singapore Presentation Oct-21-2020
Varun Manik
 
PPT
Drupal Bootcamp Mcn2008
Robert J. Stein
 
PPTX
COB - Azure Functions for Office 365 developers
Chris O'Brien
 
Microservices Architecture for AEM
Maciej Majchrzak
 
Beyond Domino Designer
Paul Withers
 
Chris O'Brien - Modern SharePoint development: techniques for moving code off...
Chris O'Brien
 
Designing your API Server for mobile apps
Mugunth Kumar
 
Chris O'Brien - Comparing SharePoint add-ins (apps) with Office 365 apps
Chris O'Brien
 
Automated Testing for Websites With Selenium IDE
Robert Greiner
 
Windows Azure Essentials V3
Michele Leroux Bustamante
 
AEM Asset and Tag API
Lokesh BS
 
Vaadin filtering table example
leonardsiu
 
Active Directory Single Sign-On with IBM
Van Staub, MBA
 
Selenium WebDriver - Test automation for web applications
TSundberg
 
SharePoint PowerShell for the Admin and Developer - A Venn Diagram Experience
Ricardo Wilkins
 
Cross-Platform Desktop Apps with Electron (Condensed Version)
David Neal
 
Chris OBrien - Weaving Enterprise Solutions into Office Products
Chris O'Brien
 
ECS 2018: Introduction to Azure Web Applications
Eric Shupps
 
Automated testing APEX Applications
Roel Hartman
 
O365Con18 - Automate your Tasks through Azure Functions - Elio Struyf
NCCOMMS
 
Aws User Group Singapore Presentation Oct-21-2020
Varun Manik
 
Drupal Bootcamp Mcn2008
Robert J. Stein
 
COB - Azure Functions for Office 365 developers
Chris O'Brien
 
Ad

Viewers also liked (8)

KEY
WPF Binding
LearnNowOnline
 
KEY
WPF: Working with Data
LearnNowOnline
 
KEY
Asynchronous Programming
LearnNowOnline
 
PPT
New in the Visual Studio 2012 IDE
LearnNowOnline
 
PPT
Windows 8: Shapes and Geometries
LearnNowOnline
 
KEY
Attributes, reflection, and dynamic programming
LearnNowOnline
 
PDF
Lesson 5 security
Ram Kedem
 
PPT
SQL Tutorial - Basic Commands
1keydata
 
WPF Binding
LearnNowOnline
 
WPF: Working with Data
LearnNowOnline
 
Asynchronous Programming
LearnNowOnline
 
New in the Visual Studio 2012 IDE
LearnNowOnline
 
Windows 8: Shapes and Geometries
LearnNowOnline
 
Attributes, reflection, and dynamic programming
LearnNowOnline
 
Lesson 5 security
Ram Kedem
 
SQL Tutorial - Basic Commands
1keydata
 
Ad

Similar to SQL: Permissions and Data Protection (20)

KEY
SQL Server: Security
LearnNowOnline
 
PPTX
Introduction to cypress in Angular (Chinese)
Hong Tat Yew
 
PPTX
Sharing and security in Salesforce
Saurabh Kulkarni
 
PDF
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
Markus Eisele
 
PPSX
apex security demo.ppsx
siavosh kaviani
 
PDF
Cache Security- The Basics
InterSystems Corporation
 
KEY
What's new in Silverlight 5
LearnNowOnline
 
PPTX
Oracle Database
Mayank Garg
 
PDF
Five Enterprise Development Best Practices That EVERY Salesforce Org Can Use
Salesforce Developers
 
PPTX
8 cloud design patterns you ought to know - Update Conference 2018
Taswar Bhatti
 
PDF
DevSum - Top Azure security fails and how to avoid them
Karl Ots
 
KEY
Object-Oriented JavaScript
LearnNowOnline
 
PPTX
Five Enterprise Best Practices That EVERY Salesforce Org Can Use (DF15 Session)
Vivek Chawla
 
PPTX
Power of Azure Devops
Azure Riyadh User Group
 
PPTX
Oracle database threats - LAOUC Webinar
Osama Mustafa
 
PPTX
Cloud Platforms for Java
3Pillar Global
 
KEY
SharePoint Document Management
LearnNowOnline
 
PPTX
Cloud patterns at Carleton University
Taswar Bhatti
 
PDF
IT Camp 19: Top Azure security fails and how to avoid them
Karl Ots
 
PDF
Tech Talk on Cloud Computing
ITviec
 
SQL Server: Security
LearnNowOnline
 
Introduction to cypress in Angular (Chinese)
Hong Tat Yew
 
Sharing and security in Salesforce
Saurabh Kulkarni
 
THEFT-PROOF JAVA EE - SECURING YOUR JAVA EE APPLICATIONS
Markus Eisele
 
apex security demo.ppsx
siavosh kaviani
 
Cache Security- The Basics
InterSystems Corporation
 
What's new in Silverlight 5
LearnNowOnline
 
Oracle Database
Mayank Garg
 
Five Enterprise Development Best Practices That EVERY Salesforce Org Can Use
Salesforce Developers
 
8 cloud design patterns you ought to know - Update Conference 2018
Taswar Bhatti
 
DevSum - Top Azure security fails and how to avoid them
Karl Ots
 
Object-Oriented JavaScript
LearnNowOnline
 
Five Enterprise Best Practices That EVERY Salesforce Org Can Use (DF15 Session)
Vivek Chawla
 
Power of Azure Devops
Azure Riyadh User Group
 
Oracle database threats - LAOUC Webinar
Osama Mustafa
 
Cloud Platforms for Java
3Pillar Global
 
SharePoint Document Management
LearnNowOnline
 
Cloud patterns at Carleton University
Taswar Bhatti
 
IT Camp 19: Top Azure security fails and how to avoid them
Karl Ots
 
Tech Talk on Cloud Computing
ITviec
 

More from LearnNowOnline (20)

KEY
A tour of SQL Server
LearnNowOnline
 
KEY
Introducing LINQ
LearnNowOnline
 
KEY
Generics
LearnNowOnline
 
KEY
Object oriented techniques
LearnNowOnline
 
KEY
SharePoint: Introduction to InfoPath
LearnNowOnline
 
KEY
Managing site collections
LearnNowOnline
 
KEY
Web API HTTP Pipeline
LearnNowOnline
 
KEY
Web API Basics
LearnNowOnline
 
KEY
Sql 2012 development and programming
LearnNowOnline
 
KEY
KnockOutJS with ASP.NET MVC
LearnNowOnline
 
KEY
Expression Blend Motion & Interaction Design
LearnNowOnline
 
KEY
The Entity Data Model
LearnNowOnline
 
KEY
Introducing the Entity Framework
LearnNowOnline
 
KEY
Introduction to ASP.NET MVC
LearnNowOnline
 
KEY
Working with Controllers and Actions in MVC
LearnNowOnline
 
KEY
Creating a User Interface
LearnNowOnline
 
KEY
Building Windows 8 Metro Style Applications Using JavaScript and HTML5
LearnNowOnline
 
KEY
.Net branching and flow control
LearnNowOnline
 
KEY
Using The .NET Framework
LearnNowOnline
 
KEY
.NET Variables and Data Types
LearnNowOnline
 
A tour of SQL Server
LearnNowOnline
 
Introducing LINQ
LearnNowOnline
 
Generics
LearnNowOnline
 
Object oriented techniques
LearnNowOnline
 
SharePoint: Introduction to InfoPath
LearnNowOnline
 
Managing site collections
LearnNowOnline
 
Web API HTTP Pipeline
LearnNowOnline
 
Web API Basics
LearnNowOnline
 
Sql 2012 development and programming
LearnNowOnline
 
KnockOutJS with ASP.NET MVC
LearnNowOnline
 
Expression Blend Motion & Interaction Design
LearnNowOnline
 
The Entity Data Model
LearnNowOnline
 
Introducing the Entity Framework
LearnNowOnline
 
Introduction to ASP.NET MVC
LearnNowOnline
 
Working with Controllers and Actions in MVC
LearnNowOnline
 
Creating a User Interface
LearnNowOnline
 
Building Windows 8 Metro Style Applications Using JavaScript and HTML5
LearnNowOnline
 
.Net branching and flow control
LearnNowOnline
 
Using The .NET Framework
LearnNowOnline
 
.NET Variables and Data Types
LearnNowOnline
 

Recently uploaded (20)

PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Approach and Philosophy of On baking technology
30anthuong17
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Cloud computing and distributed systems.
kkkkkhan
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Teaching material agriculture food technology
LiaRayya
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 

SQL: Permissions and Data Protection

  • 1. SQL: Permissions & Data Protection Part 1 http://www.LearnNowOnline.com Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 2. Objectives • Understand permissions in SQL Server and how they provide granular control over data and objects • Learn how to provide a final layer of defense by encrypting data Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 3. Agenda • Permissions • Data Encryption • Security Epilogue Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 4. Permissions • Like a visa for visiting a foreign country • Gives a principal some kind of access to a securable object • Follow the principle of least privilege • Major step in securing a database Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 5. Permission Types • A few common types • IMPERSONATE • CONTROL • INSERT • CREATE • SELECT • ALTER • TAKE OWNERSHIP • ALTER ANY <objecttype> • UPDATE • DELETE • VIEW DEFINITION Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 6. Permission Statements • Three types of statements • GRANT • REVOKE • DENY • Denying permissions is powerful Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 7. Granting Permissions • Easiest way to grant permissions in Management Studio: modify user or role • Can also modify properties of individual objects • Same effect, but tedious Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 8. Roles, Permissions, and Schemas • Fully qualified database object name: server.database.schema.object • Schema • Can assign permissions to schema • Can set a default schema for a user Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 9. Default Schemas • Schema is a container for database objects • Owned by a principal • Benefit: better management of object ownership Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 10. Default Schemas for Users • SQL Server doesn’t automatically create a schema with same name as user • Have to explicitly create it, assign ownership, and add objects • Normally, you should assign a default user Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 11. Default Schemas for Groups • Default schemas for users solved a problem • But created a problematic side effect • Default schemas for groups solves that new problem Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 12. Execution Context • SQL Server follows a procedure to ensure user has permissions to execute code • Exception is when code owner has permissions on underlying objects • Steps 1. Verify caller has EXECUTE permission 2. Check if code owner owns all underlying objects 3. If not, check if user has permissions 4. If have permissions, execute code 5. If doesn’t have permissions, raise error, don’t execute Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 13. Ownership Chaining • Owner of code owns underlying objects • If not: broken ownership chain • Generally easier to write code with unbroken ownership chains • Now can change the security execution context of code Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 14. Changing the Execution Context • Don’t always want caller’s permissions used to validate permissions in broken ownership chain • Can change in any code except inline table-valued function • Options • EXECUTE AS CALLER • EXECUTE AS <user>/<login> • EXECUTE AS SELF • EXECUTE AS OWNER • Must have IMPERSONATE permission Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 15. Metadata Security • Earlier versions of SQL Server made it easy for an attacker to explore structure of database • Just needed any access to database • Metadata is as secure as data is Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 16. Agenda • Permissions • Data Encryption • Security Epilogue Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company
  • 17. End of Part 1 http://www.LearnNowOnline.com Learn More @ http://www.learnnowonline.com Copyright © by Application Developers Training Company

Editor's Notes

  • #8: DEMO – rest of section
  • #9: DEMO – rest of section
  • #11: DEMO – rest of section
  • #12: DEMO – rest of section
  • #15: DEMO – Using the EXECUTE AS Clause section
  • #16: DEMO – rest of section