
OWNERSHIP CHAINING AND ITS EXTENSION TO CROSS-DATABASE CHAINING

Ownership Chaining: It is defined as a security feature in SQL Server that enables the management of access to multiple objects.
• It is done by setting permissions on one object.
• A user is confined within his schema and will be able to access other objects within his schema.
• The user may want to access data from a different schema for various reasons.
• All this might not be possible due to the security implementations.
• A new principal is created with only SELECT privilege to solve this issue.
• This provides access for users to view the table.

CROSS-DATABASE CHAINING: It is a security feature of SQL Server which allows database users to access databases other than the one they are currently using.
• It is an extension of ownership chaining.
• It involves the same process but crosses the database boundary.
• Cross-database ownership chaining should NOT be turned ON at the server level.
• It must be turned on only for those databases which need it.

EXAMPLE:

• It might occur when a view in one database references a table in another database.
• The view in the first database refers to a table in the second database.
• If it is about objects in the same database and the same user owns the table and the view, it forms an ownership chain, and the end user may need access to the view.
• The same thing is possible with cross-database ownership chaining, but across databases.
• Cross-database ownership chaining can be turned on at either the server or the database level.
• If cross-database ownership chaining is on at the server level, it is on for all databases on that server, regardless of the individual database settings.
• By default, cross-database ownership chaining is turned off at the server level.
• For databases which are activated for cross-database ownership chaining, an ownership chain is permitted to cross the database layer.
• The way the ownership chain is determined is similar to an ownership chain within a database.
• The exception is that the owner of each object is ultimately mapped to a login.
• If you have an object in one database which refers to an object in a second database, both databases are configured for database ownership chaining and both objects have the same owner, then a cross-database ownership chain is formed.
• Security is checked on the first object, but not on the second one.
• The login querying the first object must also have access to the second database.
• If the login does not have the ability to connect to that second database, the query will fail.
• If a cross-database ownership chain cannot be formed, and one object refers to an object in a different database, the login must map to a user in each database.
• It specifies the appropriate rights on the objects.
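
The view-over-a-table case described above, as an added T-SQL example that is not part of the original page: it audits the server-level and per-database chaining settings, keeps the server-level option off, and enables chaining only on the two databases involved. The database, table, view and login names (SalesDB, HrDB, dbo.Staff, dbo.StaffList, report_reader) and the password placeholder are assumptions; run it as a sysadmin on a test instance.

```sql
-- Constructed demo objects; every name below is hypothetical.
-- Audit: the server-wide option should be 0, and only the databases
-- that need chaining should report is_db_chaining_on = 1.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'cross db ownership chaining';
SELECT name, is_db_chaining_on, SUSER_SNAME(owner_sid) AS owner_login
FROM sys.databases;
GO
-- Keep the server-level switch off so it does not apply to every database.
EXEC sp_configure 'cross db ownership chaining', 0;
RECONFIGURE;
GO
-- Both databases are created by the same login, so their dbo-owned
-- objects map to the same owner, which the chain requires.
CREATE DATABASE HrDB;
CREATE DATABASE SalesDB;
GO
-- Turn chaining on only for the two databases that take part in the chain.
ALTER DATABASE HrDB SET DB_CHAINING ON;
ALTER DATABASE SalesDB SET DB_CHAINING ON;
GO
CREATE LOGIN report_reader WITH PASSWORD = '<placeholder-strong-password>';
GO
USE HrDB;
GO
CREATE TABLE dbo.Staff (id int PRIMARY KEY, name nvarchar(50));
INSERT INTO dbo.Staff (id, name) VALUES (1, N'constructed row');
-- The login needs a user here to enter the database,
-- but it is granted nothing on the table itself.
CREATE USER report_reader FOR LOGIN report_reader;
GO
USE SalesDB;
GO
CREATE VIEW dbo.StaffList AS
    SELECT id, name FROM HrDB.dbo.Staff;
GO
CREATE USER report_reader FOR LOGIN report_reader;
GRANT SELECT ON dbo.StaffList TO report_reader;
GO
-- Permission is checked on the view (first object) only; the table in
-- HrDB is reached through the chain. A direct SELECT on HrDB.dbo.Staff
-- by this login is denied, because it holds no permission on the table.
EXECUTE AS LOGIN = 'report_reader';
SELECT id, name FROM SalesDB.dbo.StaffList;
REVERT;
GO
```

Re-running the two audit queries after the script should show the server option still off and chaining enabled only on HrDB and SalesDB.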

THREE CONTAINING LEVELS AS PER ANSI SQL STANDARDS.

• Securables, principals and permissions: associated with each securable is a set of permissions that we can grant to a principal.
• Securables range from coarse-grained at the server level and database level, down through the schema level.
• The ANSI (American National Standards Institute) SQL standard defines these containing levels:
→ Server level
→ Database level
→ Schema level

• SQL Server has implemented all three levels since the 2005 version.
• A database does not contain objects such as tables/views directly, but has schemas in between which contain the objects.
• Every database object needs to be inside a schema.
• The default schema in SQL Server, in which all objects are created or specified, is named dbo.

IMPORTANCE OF SECURING SCHEMAS:

Schema: It is defined as an independent entity that is different from the user who created the object.

• It is a collection of logical structures of data in SQL databases.
• Even if there is security implemented at the app level, the database must have built-in access control.
• Access control acts as a second line of defense against any other external SQL attacks.
• There are three main purposes of a schema:
→ Namespace
→ Access control
→ Application interface

• Database users have a default schema.
• If they create an object without a schema prefix, it is created in the user's default schema.
• This is important to understand in order to avoid undesired results.
• In general, schema-based security is a good way of controlling access to a SQL Server database.
• The permissions given to a principal on the schema itself will apply to all securable objects belonging to the schema.
• The principal has the same permission on all those objects.
