Manage Logins and Server Roles

7/23/2019 Print content
Administering Microsoft SQL Server 2012 Databases
Manage Logins and Server Roles
Introduction
Configuring Server Security
Managing Access to the Server, SQL Server Instance and Databases
Summary
Introduction
The Manage Logins and Server Roles module provides you with the instruction and
server hardware to develop your hands on skills in the defined topics. This module
includes the following exercises:
Configuring Server Security

Managing Access to the Server, SQL Server Instance and Databases
Lab Diagram
During your session you will have access to the following lab configuration. Depending
on the exercises you may or may not use all of the devices, but they are shown here in the
layout to get an overall understanding of the topology of the lab.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 1/31
Connecting to your lab
In this module you will be working on the following equipment to carry out the steps
defined in each exercise.
PLABSQL01 (SQL Server 1)
To start, simply choose a device and click Power on. In some cases, the devices may
power on automatically.
For further information and technical support, please see our Help and Support
page.
Copyright Notice
This document and its content is copyright of Practice-IT - © Practice-IT 2014. All rights reserved. Any
redistribution or reproduction of part or all of the contents in any form is prohibited other than the
following:
1) You may print or download to a local hard disk extracts for your personal and non-commercial use
only.
2) You may copy the content to individual third parties for their personal use, but only if you
acknowledge the website as the source of the material. You may not, except with our express written
permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any
other website or other form of electronic retrieval system.
Exercise 1 - Configuring Server Security

In this exercise, you will perform the tasks required to manage logins and server roles. To
better understand these tasks, please refer to your course material or visit
http://technet.microsoft.com/en-us/library/bb500469.aspx to gain an understanding of
this topic.
SQL Server Security
To configure server security, perform the following steps:
Step 1
Ensure you have powered on the required devices and Connect to PLABSQL01.
On the desktop, double-click SQL Server Management Studio.
The Connect to Server dialog box is displayed.
Keep the default settings and click Connect.
The Microsoft SQL Server Management Studio opens.
In Object Explorer, right-click PLABSQL01 and select Properties. The Server

Properties - PLABSQL01 dialog box is displayed.
In the left pane, select Security. The right pane displays the contents of the Security
tab.
In the Server authentication section, select SQL Server and Windows

Authentication mode.
In the Options section, select Enable C2 audit tracing.
Click Permissions in the left pane.
In the right pane, in the Logins or roles section, select

PRACTICELABS\Administrator.
In the Permissions for PRACTICELABS\Administrator section, select the

following and click OK.
Administer bulk operations

Alter any database
The Microsoft SQL Server Management Studio dialog box is displayed. Click OK
to close the dialog box.
Restart the PLABSQL01 server for the changes to take effect.
In Object Explorer, right-click PLABSQL01 and select Restart.
The Microsoft SQL Server Management Studio dialog box is displayed. Click Yes.
The Service Control dialog box shows the restart progress. Click Close to close the
dialog box.
The server is now restarted.
Securing the SQL Server using Windows account / SQL Server

account, Server Roles
To secure the SQL Server using Windows account / SQL Server account, server roles,
perform the following steps:
Step 1
Click the start menu and hover over Administrative Tools and then select Active
Directory Users and Computers.
The Active Directory Users and computers window will appear, expand
PRACTICELABS.COM within the right panel, then right click users and select New
> User.
Enter the following details:
First name: Rebecca

Last name: Higgins
User Logon name: Rebecca
Note: The other fields will be populated automatically
Click Next.
On the next window type the following password:
Passw0rd
Remove the tick box for User must change password at next logon and add
Password never expires
Finally click next.
Click finish.
Step 2
From Microsoft SQL Server Management Studio.
In Object Explorer, right-click Security, select New, and then select New Login. The Login
- New dialog box is displayed.
In the Login name text box, enter Rebecca and click Search.
The Select User, Service Account, or Group dialog box is displayed. Enter rebecca
in the Enter the object name to select and click Check Names. Click OK.
In the Default database drop-down list, select AdventureWorks2012 and click OK.
In Object Explorer, in the Security node, expand Logins. Note that Rebecca’s login
appears in the list.
Right-click PRACTICELABS\Rebecca and select Properties. The Login

Properties - PRACTICELABS\Rebecca dialog box is displayed.
In the left pane, click Status.
Note that the Login field is set to Enabled. Click OK to close the dialog box.
After creating a login for a Windows account, you can create an SQL login for a user. For
this exercise, let's create a login for a user named Josh.
In Object Explorer, right-click Security, select New, and then select New Login.
The Login - New dialog box is displayed.
In the Login name text box, enter Josh.
Select SQL Server authentication.
In the Password and Confirm Password field, enter Passw0rd .

In the Default database drop-down list, select AdventureWorks2012 and click OK.
In Object Explorer, in the Security node, expand Logins. Note that Josh’s login
After creating the login, you can configure a server role for the login. By default, a new
login is assigned the public server role. You can change this role depending on your
requirement.
In Object Explorer, in the Security node, expand Logins. Note that Rebecca’s login
Right-click PRACTICELABS\Rebecca and select Properties. The Login

Properties - PRACTICELABS\Rebecca dialog box is displayed.
In the left pane, click Server Roles.
Note that public is selected by default.
Select serveradmin and click OK.
Leave the devices you have powered on in their current state and proceed to the next
exercise.
Exercise 2 - Managing Access to the Server, SQL

Server Instance, and Databases
In the task Configuring server security, you learnt to assign access to specific users on a
server. If you have more than one instance running on a single physical server, you can
use the same procedure to assign permissions for each of the instances.
Assigining Permisssions
In this task, you will focus on assigning permissions at the database level.
To manage access to the database, perform the following steps:
Step 1
On PLABSQL01 in Object Explorer, expand Databases, right-click
AdventureWorks2012, and select New Query. The new query window is displayed in
the right pane.
For this exercise, you will assign permissions to the user rebecca in the
Person.Address table.
Note: Ensure the user rebecca exists in the database or at the instance level.
Enter the following query and click Execute:
Use AdventureWorks2012
GRANT SELECT, INSERT, UPDATE
ON Person.Address
TO "PRACTICELABS\Rebecca"
You can now verify if the access is granted on the Person.Address table.
Expand Tables, right-click Person.Address and select Properties. The Table

Properties - Address dialog box is displayed.
In the left pane, select Permissions.
Note that rebecca is added. Select rebecca. Note the permissions assigned in the
Permissions for rebecca section.
Click OK to close the dialog box.
Creating and Maintaining User-defined Server Roles To create and maintain

user-defined server roles, perform the following steps:
Step 1
From Microsoft SQL Server Management Studio.
In Object Explorer, right-click Security, select New, and then select Server Role.
The New Server Role -ServerRole -xxxxxxxx-xxxxxx dialog box is displayed.
Note: The xxxxxxxx-xxxxxx is denoted by a unique number.
In the Server role name text box, enter PLAB-Admin. In the Securables section,
expand Logins and select PRACTICELABS\Administrator.
In the Permissions for PRACTICELABS\Administrator section, select all options

in the Grant column.
In the left pane, click Members.
Click Add. The Select Server Login or Role dialog box is displayed. Enter
Administrator in the Enter the object names to select text box and click Check
Names.
The Multiple Objects Found dialog box is displayed. Select

[PRACTICELABS\Administrator] and click OK.
Click OK in the Select Server Login or Role dialog box.
In the left pane, click Memberships.
In the right pane, select serveradmin and click OK.
In Object Explorer, in the Security node, expand Server Roles. Note that PLAB-
Admin is now created.
Managing Certificate Logins You can use a master key to create a certificate and
then a login associated with the certificate. However, there may be a situation when you
do not have master key to create a certificate. In that case, you must specify a password
when creating a key. In this task, you will create a symmetric key using a password.
To manage certificate logins, perform the following steps:
Step 1
In Object Explorer, right-click AdventureWorks2012 and select New Query. The
right pane displays a new query window.
You have to create a new asymmetric key named rebecca.
To do this, enter the following query and click Execute.
CREATE ASYMMETRIC KEY rebecca

WITH ALGORITHM = RSA_2048
ENCRYPTION BY PASSWORD = 'Passw0rd';
GO
You can now create a new login in SQL and map the asymmetric key rebecca.
Expand AdventureWorks2012, expand Security, right-click Users, and select New

User.
From the User type drop-down list, select User mapped to an asymmetric key.
In the User name text box, enter Rebecca.
Click ... next to the Asymmetric key name text box.
The Select Asymmetric Key dialog box is displayed. Enter rebecca in the Enter the
object names to select text box and click Check Names. Click OK.
Note that rebecca appears in the Asymmetric key name text box. Click OK.
Note that Rebecca is now created.
To verify the asymmetric keys, you can navigate to the Security node in
AdventureWorks2012 and then expand Asymmetric Keys. Note that rebecca is
listed.
All the asymmetric keys that you create will be listed here.
Shutdown all virtual machines used in this lab, by using the power functions located in
the Tools bar before proceeding to the next module. Alternatively you can log out of the
lab platform.
Summary
In this module, you covered carried the following practical tasks:
Configuring server security

Securing the SQL Server using Windows Account / SQL Server accounts, server
roles
Creating login accounts
Managing access to the server, SQL Server instance, and the databases
Creating and maintaining user-defined server roles
Managing certificate logins
Also try
Using the current lab setup you can try the following concepts at your own pace.
Creating a user named Russ and assigning permissions for the Person.Address table.
Add Update and Delete permissions.
Assigning the Deny permission to Josh on the PLABSQL01 instance.
Assigning the Deny permission to Russ for the Person.Person address.
Creating a new server role.
Creating a new certificate login after creating a certificate key.

Manage Logins and Server Roles

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manage Logins and Server Roles

Uploaded by

Copyright:

Available Formats

7/23/2019 Print content

Administering Microsoft SQL Server 2012 Databases

Manage Logins and Server Roles

Configuring Server Security

Connecting to your lab

PLABSQL01 (SQL Server 1)

Exercise 1 - Configuring Server Security

SQL Server Security

To configure server security, perform the following steps:

On the desktop, double-click SQL Server Management Studio.

The Connect to Server dialog box is displayed.

Keep the default settings and click Connect.

The Microsoft SQL Server Management Studio opens.

In Object Explorer, right-click PLABSQL01 and select Properties. The Server

In the Server authentication section, select SQL Server and Windows

In the Options section, select Enable C2 audit tracing.

Click Permissions in the left pane.

In the right pane, in the Logins or roles section, select

In the Permissions for PRACTICELABS\Administrator section, select the

Administer bulk operations

Restart the PLABSQL01 server for the changes to take effect.

In Object Explorer, right-click PLABSQL01 and select Restart.

The server is now restarted.

Securing the SQL Server using Windows account / SQL Server

Enter the following details:

First name: Rebecca

Note: The other fields will be populated automatically

On the next window type the following password:

Finally click next.

Right-click PRACTICELABS\Rebecca and select Properties. The Login

In the left pane, click Status.

In the Login name text box, enter Josh.

Select SQL Server authentication.

In the Password and Confirm Password field, enter Passw0rd .

Right-click PRACTICELABS\Rebecca and select Properties. The Login

In the left pane, click Server Roles.

Note that public is selected by default.

Select serveradmin and click OK.

Exercise 2 - Managing Access to the Server, SQL

To manage access to the database, perform the following steps:

Enter the following query and click Execute:

Expand Tables, right-click Person.Address and select Properties. The Table

In the left pane, select Permissions.

Click OK to close the dialog box.

Creating and Maintaining User-defined Server Roles To create and maintain

Note: The xxxxxxxx-xxxxxx is denoted by a unique number.

In the Permissions for PRACTICELABS\Administrator section, select all options

In the left pane, click Members.

The Multiple Objects Found dialog box is displayed. Select

Click OK in the Select Server Login or Role dialog box.

In the left pane, click Memberships.

In the right pane, select serveradmin and click OK.

To manage certificate logins, perform the following steps:

You have to create a new asymmetric key named rebecca.

To do this, enter the following query and click Execute.

CREATE ASYMMETRIC KEY rebecca

Expand AdventureWorks2012, expand Security, right-click Users, and select New

In the User name text box, enter Rebecca.

Click ... next to the Asymmetric key name text box.

Note that Rebecca is now created.

Configuring server security

You might also like