Manage Users and Database Roles

7/23/2019 Print content
Administering Microsoft SQL Server 2012 Databases
Manage Users and Database Roles
Introduction
Managing Security Roles
Creating Database User Accounts
Creating Contained Logins
Summary
Introduction
The Manage Users and Database Roles module provides you with the instruction
and server hardware to develop your hands on skills in the defined topics. This module
includes the following exercises:
Managing Security Roles

Creating Database User Accounts
Creating Contained Logins
Lab Diagram
During your session you will have access to the following lab configuration. Depending
on the exercises you may or may not use all of the devices, but they are shown here in the
layout to get an overall understanding of the topology of the lab.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 1/49
Connecting to your lab
In this module you will be working on the following equipment to carry out the steps
defined in each exercise.
PLABSQL01 (SQL Server 1)
To start, simply choose a device and click Power on. In some cases, the devices may
power on automatically.
For further information and technical support, please see our Help and Support
page.
Copyright Notice
This document and its content is copyright of Practice-IT - © Practice-IT 2014. All rights reserved. Any
redistribution or reproduction of part or all of the contents in any form is prohibited other than the
following:
1) You may print or download to a local hard disk extracts for your personal and non-commercial use
only.
2) You may copy the content to individual third parties for their personal use, but only if you
acknowledge the website as the source of the material. You may not, except with our express written
permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any
other website or other form of electronic retrieval system.
Exercise 1 - Managing Security Roles

The concept of least privilege means assigning only those privileges that are required for
a user to perform a specific task. For example, if a user needs to insert data into a
database, you can assign only insert data privileges on the database. To be more specific,
if a user needs to add data specifically into a table, then you should assign privileges on
the required table, rather than the database.
In this exercise, you will perform the tasks required to manage users and database roles.
Please refer to your course material or use your favourite search engine to research for
more information about this topic.
Task 1 - Create Active Directory user account for security login
To create a user account for login, follow these steps:
Step 1
Ensure that you have powered on the required devices and connect to PLABSQL01.
Click Start then go to Administrative Tools and select Active Directory Users and
Computers.
Step 2
Right-click on Users container and click New then click User.
Step 3
On New Object - User, click in First name box and type:
SQLUser1
In User logon name box, type:
SQLUser1
Click Next.
Step 4
In Password and Confirm password text boxes, type:
Passw0rd
Clear User must change password at next logon box.
Click Next.
Step 5
Click Finish to close New Object - User dialogue box.
Step 6
Close Active Directory Users and Computers.
Task 2 - Create SQL Server Login
To create a SQL Server login, follow these steps:
Step 1
From PLABSQL01, on desktop, double-click SQL Server Management Studio
Step 2
The Connect to Server dialog box is displayed.
Keep the default settings and click Connect.
Step 3
On SQL Server Management Studio, expand Security then expand Logins.
Right-click on Logins and choose New Login…
Step 4
In the Login name field, click Search…
Step 5
In the Select User, Service Account or Group type:
SQLUser1
Click Check Names.
Step 6
Click OK when SQLUser1 has been resolved or underlined.
Step 7
Back in Login-New dialogue box, click OK.
Step 8
PRACTICELABS\SQLUser1 is now in the Logins folder.
Step 9
Navigate to Databases, then expand AdventureWorks2012, then expand Security.
Right-click Users folder and choose New User…
Step 10
In Database User - New dialogue box, go to User name section and type:
SQLUser1
In Login name, type:
PRACTICELABS\Administrator
In Default schema, click […]
Step 11
In Select Schema, click Browse…
Step 12
On Browse for Objects, click [db_accessadmin] and [dbo].
Click OK.
Step 13
Back in the Select Schema dialogue box, click OK.
Step 14
On Database User-New, click OK to save changes.
Step 15
Keep SQL Server Management Studio open for the next exercise.
Task 3 - Managing Security Roles for Users and Administrators
The roles that already exist in SQL Server are known as the Fixed Database-level roles.
The roles that you create in SQL Server are known as Flexible Database-level roles.
To configure security roles for users and administrators, perform the following steps:
Step 1
On PLABSQL01 device, with Microsoft SQL Server Management Studio open,
navigate to Databases > AdventureWorks2012 > Security, then expand Roles
then expand Database Roles.
Step 2
Right-click db_accessadmin, and select Properties.
Step 3
The Database Role Properties - db_accessadmin dialog box is displayed.
On Members of this role section, click Add.
Step 4
The Select Database User or Role dialog box is displayed.
In the Enter the object names to select text box, type:
SQLUser1
Click Check Names.
Step 5
With SQLUser1 now resolved, click OK.
Step 6
SQLUser1 user is added to the Members of this role section.
Click OK.
Step 7
You are navigated back to the Microsoft SQL Server Management Studio.
Now let's create a flexible database-level role.
Under AdventureWorks2012, expand Security, expand Roles, right-click

Database Roles, and select New Database Roles.
Step 8
The Database Role - New dialog box is displayed.
Step 9
In the Role name text box, enter SQLUser1_db_creator. In the Owner text box,
enter SQLUser1.
Step 10
In the Schemas owned by this role section, select db_datawriter.
Click Add.
Step 11
The Select Database User or Role dialog box is displayed.
In the Enter the object names to select text box, enter SQLUser1 and click OK.
Step 12
Click OK to close the Database Role - New dialog box.
Step 13
You are navigated back to Microsoft SQL Server Management Studio.
Note that the SQLUser1_db_creator role is now created.
Keep Microsoft SQL Server Management Studio open for the next exercise.
Leave the devices you have powered on in their current state and proceed to the next
exercise.
Exercise 2 - Creating Database User Accounts

In this exercise, you will create database users accounts.
Please refer to your course material or use your favourite search engine to research for
more information about this topic.
Task 1 - Creating a SQL user without login
To create database user accounts, perform the following steps:
Step 1
On PLABSQL01 with the Microsoft SQL Server Management Studio open,

navigate to Databases, expand AdventureWorks2012, expand Security, right-click
Users, and select New User.
Step 2
The Database User - New dialog box is displayed.
In the User type drop-down list, select SQL user without login.
Enter SQLUser2 in the User name text box and click OK.
Step 3
Note that the SQLUser2 user is now created under the Security > Users node for
AdventureWorks2012.
Leave the devices you have powered on in their current state and proceed to the next
exercise.
Exercise 3 - Creating Contained Logins

In this exercise, you will create contained logins in database.
Note: Before you create a contained login, ensure that containment is enabled at the
instance level.
Task 1 - Create Contained Logins in SQL
To create contained logins, perform the following steps:
Step 1
From Microsoft SQL Server Management Studio, click Databases node.
On the toolbar, click New Query button.
Step 2
The SQLQuery1.sql tab opens on the right.
Create a partially contained database by executing the following query:
EXEC sp_configure 'contained database authentication',1

reconfigure
go
Click Execute.
Step 3
You should get a query executed successfully command.
Step 4
Click again on New Query button.
Step 5
A new tab opens, now type the following:
You can now create a SQL contained user. Create a new query with the following
statements and click Execute.
create database TestDB1

containment=partial
go
Then click Execute.
Step 6
The TestDB1 database is successfully created.
TestDB1 is now a contained database.
Click New Query button.
Step 7
A new query tab opens.
You can now create a SQL contained user. Create a new query with the following
statements and click Execute.
USE TestDB1
GO
CREATE USER TestContainedUser1 WITH PASSWORD = 'Passw0rd'
Go
Step 8
The query runs successfully.
Step 9
Expand Databases in Object Explorer.
Note that it has the TestDB1 node.
Expand Security under this node and then expand Users.
Note that TestContainedUser1 is created.
Shutdown all virtual machines used in this lab, by using the power functions located in
the Tools bar before proceeding to the next module.
Alternatively you can log out of the lab platform.
Summary
In this module, you covered carried the following practical tasks:
Creating access to server / database with least privilege

Managing security roles for users and administrators
Creating database user accounts
Creating contained logins

Manage Users and Database Roles

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manage Users and Database Roles

Uploaded by

Copyright:

Available Formats

7/23/2019 Print content

Administering Microsoft SQL Server 2012 Databases

Manage Users and Database Roles

Managing Security Roles

Connecting to your lab

PLABSQL01 (SQL Server 1)

Exercise 1 - Managing Security Roles

Task 1 - Create Active Directory user account for security login

To create a user account for login, follow these steps:

In User logon name box, type:

Clear User must change password at next logon box.

Task 2 - Create SQL Server Login

To create a SQL Server login, follow these steps:

Keep the default settings and click Connect.

Right-click on Logins and choose New Login…

Click Check Names.

Right-click Users folder and choose New User…

In Login name, type:

In Default schema, click […]

Task 3 - Managing Security Roles for Users and Administrators

On Members of this role section, click Add.

In the Enter the object names to select text box, type:

Click Check Names.

Now let's create a flexible database-level role.

Under AdventureWorks2012, expand Security, expand Roles, right-click

Note that the SQLUser1_db_creator role is now created.

Exercise 2 - Creating Database User Accounts

Task 1 - Creating a SQL user without login

To create database user accounts, perform the following steps:

On PLABSQL01 with the Microsoft SQL Server Management Studio open,

Exercise 3 - Creating Contained Logins

Task 1 - Create Contained Logins in SQL

To create contained logins, perform the following steps:

From Microsoft SQL Server Management Studio, click Databases node.

On the toolbar, click New Query button.

Create a partially contained database by executing the following query:

EXEC sp_configure 'contained database authentication',1

create database TestDB1

Then click Execute.

TestDB1 is now a contained database.

Click New Query button.

Note that it has the TestDB1 node.

Expand Security under this node and then expand Users.

Note that TestContainedUser1 is created.

Alternatively you can log out of the lab platform.

Creating access to server / database with least privilege

You might also like