SQL Server Overview

The diagram shows the relationships among SQL Server 2005 components and identifies interoperability between components. Microsoft SQL Server 2005 is a database platform for large-scale online transaction processing (OLTP), data warehousing, and e-commerce applications; it is also a business intelligence platform for data integration, analysis, and reporting solutions. Components in SQL Server 2005:

1. Database Engine
2. Analysis Services
3. Integration Services
4. Replication
5. Reporting Services
6. Notification Services
7. Full-Text Search
8. Service Broker

SQL Server 2005 introduces "studios" to help you with development and management tasks: SQL Server Management Studio and Business Intelligence Development Studio. In Management Studio, you develop and manage SQL Server Database Engine and notification solutions, manage deployed Analysis Services solutions, manage and run Integration Services packages, and manage report servers and Reporting Services reports and report models. In BI Development Studio, you develop business intelligence solutions using Analysis Services projects to develop cubes, dimensions, and mining structures; Reporting Services projects to create reports; the Report Model project to define models for reports; and Integration Services projects to create packages. Both of these studios are closely integrated with Microsoft Visual Studio and the Microsoft Office System.

In the studios, SQL Server 2005 provides the graphical tools you need to design, develop, deploy, and administer relational databases, analytic objects, data transformation packages, replication topologies, reporting servers and reports, and notification servers. Additionally, SQL Server 2005 includes command prompt utilities to perform administrative tasks from the command prompt. SQL Server 2005 provides a number of ways to submit feedback about the product and the documentation, as well as ways to send error reports and feature usage data automatically to Microsoft.

Database Engine

The Database Engine is the core service for storing, processing, and securing data. The Database Engine provides controlled access and rapid transaction processing to meet the requirements of the most demanding data consuming applications within your enterprise. Use the Database Engine to create relational databases for online transaction processing or online analytical processing data. This includes creating tables for storing data, and database objects such as indexes, views, and stored procedures for viewing, managing, and securing data. You can use SQL Server Management Studio to manage the database objects, and SQL Server Profiler for capturing server events.

Analysis Services

Analysis Services is the core service for supporting rapid analysis of business data, delivering online analytical processing (OLAP) and data mining functionality in business intelligence applications.

OLAP

Analysis Services allows you to design, create, and manage multidimensional structures that contain detail and aggregated data from multiple data sources, such as relational databases, in a single unified logical model supported by built-in calculations. Analysis Services provides fast, intuitive, top-down analysis of large quantities of data built on this unified data model, which can be delivered to users in multiple languages and currencies.

Analysis Services works with data warehouses, data marts, production databases and operational data stores, supporting analysis of both historical and real time data.

Data Mining

Analysis Services contains the features and tools you need to create complex data mining solutions.

• A set of industry-standard data mining algorithms.
• The Data Mining Designer, which you can use to create, manage, explore, and create predictions from mining models.
• The DMX language, which you can use to manage mining models and to create complex prediction queries.

You can use a combination of these features and tools to discover trends and patterns that exist in your data, and then use the trends and patterns to make intelligent decisions about difficult business problems.

Integration Services

SQL Server 2005 Integration Services (SSIS) is the extract, transform, and load (ETL) component of SQL Server 2005. It replaces the earlier SQL Server ETL component, Data Transformation Services (DTS).

Integration Services is a platform for building enterprise-level data integration and data transformation solutions. You use Integration Services to solve complex business problems by copying or downloading files, sending e-mail messages in response to events, updating data warehouses, cleaning and mining data, and managing SQL Server objects and data. The packages can work alone or in concert with other packages to address complex business needs. Integration Services can extract and transform data from a wide variety of sources such as XML data files, flat files, and relational data sources, and then load the data into one or more destinations. Integration Services includes a rich set of built-in tasks and transformations; tools for constructing packages; and the Integration Services service for running and managing packages. You can use the graphical Integration Services tools to create solutions without writing a single line of code; or you can program the extensive Integration Services object model to create packages programmatically and code custom tasks and other package objects.

Replication

Replication is a set of technologies for copying and distributing data and database objects from one database to another, and then synchronizing between databases to maintain consistency. Using replication, you can distribute data to different locations and to remote or mobile users over local and wide area networks, dial-up connections, wireless connections, and the Internet. SQL Server provides three types of replication, each with different capabilities: transactional replication, merge replication, and snapshot replication. Transactional replication is typically used in server-to-server scenarios that require high throughput, including: improving scalability and availability; data warehousing and reporting; integrating data from multiple sites; integrating heterogeneous data; and offloading batch processing.

Merge replication is primarily designed for mobile applications or distributed server applications that have possible data conflicts. Common scenarios include: exchanging data with mobile users; consumer point of sale (POS) applications; and integration of data from multiple sites. Snapshot replication is used to provide the initial data set for transactional and merge replication; it can also be used when complete refreshes of data are appropriate. With these three types of replication, SQL Server provides a powerful and flexible system for synchronizing data across your enterprise.

Reporting Services

SQL Server 2005 Reporting Services (SSRS) is a server-based reporting platform that provides comprehensive data reporting from relational and multidimensional data sources. Reporting Services includes processing components, a complete set of tools that you can use to create and manage reports, and an application programming interface (API) that allows developers to integrate or extend data and report processing in custom applications. The reports that you build can be based on relational or multidimensional data from SQL Server, Analysis Services, Oracle, or any Microsoft .NET Framework data provider, such as ODBC or OLE DB. With Reporting Services, you can create interactive, tabular, or free-form reports that retrieve data at scheduled intervals or on-demand when the user opens a report. Reporting Services also enables users to create ad hoc reports based on predefined models, and to interactively explore data within the model. All reports can be rendered in both desktop and Web-oriented formats. You can choose from a variety of viewing formats to render reports on demand in preferred formats for data manipulation or printing.
Reporting Services is a server-based solution, and thus provides a way to centralize report storage and management, provide secure access to reports, models, and folders, control how reports are processed and distributed, and standardize how reports are used in your business.

Notification Services

SQL Server 2005 Notification Services is a platform for developing applications that generate and send notifications, and it is also an engine that runs those applications. You can use Notification Services to generate and send timely, personalized messages to thousands or even millions of subscribers, and deliver the messages to a wide variety of applications and devices. The Notification Services platform enables the development of rich notification applications. Subscriptions, which express subscribers' interest in specific information (called events), can be evaluated based on the arrival of events or based on a schedule. The event data itself can originate from within the database, from other databases, or from external sources. Notifications, which result from the matching of events and subscriptions, can be richly formatted before being sent to the subscriber. The Notification Services engine works in concert with the SQL Server Database Engine. The Database Engine stores the application data and performs the matching between events and subscriptions. The Notification Services engine controls the flow and processing of data, and can be scaled out across multiple computers. This can improve the performance of very large and demanding applications.

Full-Text Search

SQL Server contains the functionality you need to issue full-text queries against plain character-based data in SQL Server tables. Full-text queries could include words and phrases or multiple forms of a word or phrase. Full-Text Search allows fast and flexible indexing for keyword-based query of text data stored in a Microsoft SQL Server database. In SQL Server 2005, Full-Text Search delivers enterprise-level search functionality. Use Full-Text Search to search for plain, character-based data, in multiple fields in multiple tables at the same time. The performance benefit of using Full-Text Search can be best realized when querying against a large amount of unstructured text data. For example, a Transact-SQL LIKE query against millions of rows of text data can take minutes to return; whereas a full-text query may take only seconds or less against the same data, depending on the number of rows that are returned.
You can build full-text indexes on data stored in a char, varchar or nvarchar column or formatted binary data, such as Microsoft Word documents, stored in a varbinary(max) or image column.

Service Broker

SQL Server 2005 Service Broker provides the SQL Server Database Engine native support for messaging and queuing applications. This makes it easier for developers to create sophisticated applications that use the Database Engine components to communicate between disparate databases. Developers can use Service Broker to easily build distributed and reliable applications. Application developers who use Service Broker can distribute data workloads across several databases without programming complicated communication and messaging internals. This reduces development and test work because Service Broker handles the communication paths within the context of a conversation. It also improves performance. For example, front-end databases supporting Web sites can record information and send process-intensive tasks to queue in back-end databases. Service Broker ensures that all tasks are managed in the context of transactions to ensure reliability and technical consistency.

Microsoft SQL Server's Security Model

An Overview of SQL Server's Security Model

SQL Server's security model comprises the following components:

• SQL Server login
• Database user
• guest user
• Permissions
• Roles

SQL Server Login

The SQL Server login model supports two security modes:

• Windows Authentication
• Mixed Security

Windows Authentication

Windows Authentication takes advantage of Windows NT user security and account mechanisms. This security mode allows SQL Server to share the username and password used for Windows NT and allows the user to bypass the SQL Server login process. Users with a valid Windows NT account can log in to SQL Server without supplying a username and password. Some benefits of Windows Authentication are as follows:

• A user does not have to remember a separate password and username.
• When the password changes in Windows NT, the user does not have to change the password in SQL Server.

How does Windows Authentication work? When a user accesses SQL Server, SQL Server obtains the user and password information from the user's NT network security attributes. These attributes are established when the user logs in to Windows NT. If the user has been granted access to SQL Server, the user is automatically logged in to SQL Server. Using Windows Authentication allows you to take advantage of Windows NT features such as password aging and login auditing. Windows Authentication requires more NT hands-on experience or working closely with the NT system administrator when setting up user accounts and groups. Setting up Windows Authentication requires a few more steps than setting up SQL Server Authentication, but the benefits outweigh the additional configuration steps.

Mixed Security

In mixed mode security, both Windows Authentication and SQL Server Authentication are enabled. When using SQL Server Authentication, an individual logging in to SQL Server must supply a username and a password that SQL Server validates against a system table. When using Windows Authentication (see the earlier section "Windows Authentication" for more information), users can log in to SQL Server without being prompted for a login ID and password.

Database User

The database user concept defines the database(s) an individual can access. After an individual has successfully logged in to SQL Server, either through Windows Authentication or SQL Server Authentication, SQL Server determines whether the user is a valid user for the database he is accessing. Regardless of the security mode, a user must be permitted to access the database. If the user is not permitted in the database, SQL Server returns an error message. The only exception to the database user concept is the guest user. See the next topic for more information on the guest user.

guest User

A special username, guest, can be added to a database to allow anyone with a valid SQL Server login to access the database. The guest username is a member of the public role. After the guest user has been added to a database, any individual with a valid SQL Server login, regardless of security mode, can access the database as the guest user. A guest user works as follows:

1. SQL Server checks to see whether the login ID has a valid username or alias assigned. If so, SQL Server grants the user access to the database as the username or alias. If not, go to step 2.
2. SQL Server checks to see whether a guest username exists. If so, the login ID is granted access to the database as guest. If the guest account does not exist, SQL Server denies access to the database.

Permissions

A permission allows someone to do something within a database. There are two types of permissions: object and statement. Object permissions control who can access and manipulate data in tables and views and who can run stored procedures. Statement permissions control who can drop and create objects within a database. SQL Server uses the commands GRANT, REVOKE, and DENY to manage permissions.

GRANT - When you GRANT a permission to an object, you allow someone to perform an action against the object (for example, SELECT, UPDATE, INSERT, DELETE, or EXECUTE). When you GRANT permission to a statement, you allow someone to run the statement (for example, CREATE TABLE).

REVOKE - When you REVOKE a permission from an object, you prevent someone from performing an action against the object (for example, SELECT, UPDATE, INSERT, DELETE, or EXECUTE). When you REVOKE permission from a statement, you take away a user's ability to run the statement (for example, CREATE TABLE).

DENY - When you DENY a permission from an object, you explicitly prevent someone from using the permission (for example, SELECT, UPDATE, INSERT, DELETE, or EXECUTE), whereas REVOKE actually removes the permission.

Object Permissions

Object permissions control access to objects within SQL Server. You can grant and revoke permissions to tables, table columns, views, and stored procedures through the Enterprise Manager or through system procedures. A user who wants to perform an action against an object must have the appropriate permission. For example, when a user wants to SELECT * FROM table1, she must have SELECT permission for the table. Table 1 summarizes the types of object permissions.

Table 1 - Summary of Object Permissions

Object Type | Possible Actions
Table | SELECT, UPDATE, DELETE, INSERT, REFERENCE
Column | SELECT, UPDATE
View | SELECT, UPDATE, INSERT, DELETE
Stored procedure | EXECUTE
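
The interaction of GRANT, DENY, and REVOKE described above, together with the guest user check, as an added T-SQL example that is not part of the original page. The database, table, role, and user names (PermDemo, dbo.table1, report_readers, alice) are hypothetical, and the script assumes a scratch SQL Server 2005 or later instance.

```sql
-- Added example, not from the original page. All object names are hypothetical.
-- Run as a sysadmin on a scratch instance (SQL Server 2005 or later).
CREATE DATABASE PermDemo;
GO
USE PermDemo;
GO
CREATE TABLE dbo.table1 (id int PRIMARY KEY, note varchar(50));
INSERT INTO dbo.table1 (id, note) VALUES (1, 'constructed sample row');

-- A database user without a server login keeps the demo self-contained.
CREATE USER alice WITHOUT LOGIN;
CREATE ROLE report_readers;
EXEC sp_addrolemember 'report_readers', 'alice';
GO

-- 1. GRANT to the role: alice inherits SELECT through her membership.
GRANT SELECT ON dbo.table1 TO report_readers;
EXECUTE AS USER = 'alice';
SELECT HAS_PERMS_BY_NAME('dbo.table1', 'OBJECT', 'SELECT') AS after_role_grant;
REVERT;

-- 2. DENY to the user: an explicit DENY takes precedence over the
--    GRANT inherited from the role, so SELECT is blocked for alice.
DENY SELECT ON dbo.table1 TO alice;
EXECUTE AS USER = 'alice';
SELECT HAS_PERMS_BY_NAME('dbo.table1', 'OBJECT', 'SELECT') AS after_user_deny;
REVERT;

-- Audit: explicit permission entries recorded on the table at this point
-- (which principal holds a GRANT and which holds a DENY).
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1 AND pe.major_id = OBJECT_ID('dbo.table1');

-- 3. REVOKE from the user: removes the DENY entry itself. The role's
--    GRANT is untouched, so access through the role applies again.
REVOKE SELECT ON dbo.table1 FROM alice;
EXECUTE AS USER = 'alice';
SELECT HAS_PERMS_BY_NAME('dbo.table1', 'OBJECT', 'SELECT') AS after_user_revoke;
REVERT;

-- 4. REVOKE from the role: removes the GRANT; no SELECT entry is left.
REVOKE SELECT ON dbo.table1 FROM report_readers;
EXECUTE AS USER = 'alice';
SELECT HAS_PERMS_BY_NAME('dbo.table1', 'OBJECT', 'SELECT') AS after_role_revoke;
REVERT;

-- Audit: can guest connect to this database? A row with state_desc = 'GRANT'
-- means any valid login without its own database user can enter as guest.
SELECT pr.name, pe.permission_name, pe.state_desc
FROM sys.database_principals AS pr
LEFT JOIN sys.database_permissions AS pe
  ON pe.grantee_principal_id = pr.principal_id AND pe.permission_name = 'CONNECT'
WHERE pr.name = 'guest';
GO

USE master;
DROP DATABASE PermDemo;
GO
```

In SQL Server 2005 and later, guest access to a database is switched off with REVOKE CONNECT FROM guest, run in that database.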

Statement Permissions

Statement permissions control who can perform administrative actions such as creating or backing up a database. Only the sa, members of the sysadmin role, or database owner can administer statement permissions. I advise prudence in granting access to statement permissions such as CREATE DATABASE, BACKUP DATABASE, and BACKUP LOG. Usually, the best approach is to let the sa, a member of the sysadmin role, or the database owner manage these statements. Following is a list of statement permissions that can be granted or revoked:

• CREATE DATABASE - Creates a database. This permission can be granted only by the sa and only to users in the master database.
• CREATE DEFAULT - Creates a default value for a table column.
• CREATE PROCEDURE - Creates a stored procedure.
• CREATE RULE - Creates a table column rule.
• CREATE TABLE - Creates a table.
• CREATE VIEW - Creates a view.
• BACKUP DATABASE - Backs up the database.
• BACKUP TRANSACTION - Backs up the transaction log.

Roles

Roles provide a logical way to group users with permissions. The following are the types of roles found in SQL Server:

• Server roles
• Database roles

Server Roles

Server roles provide levels of access to server operations and tasks. If an individual is placed in a certain role, he can perform the function permitted by the role. For example, an individual who is a member of the sysadmin role can perform any type of action in SQL Server. Server roles are predefined and are serverwide. These roles are not database specific and cannot be customized. Table 2 provides a listing and explanation for each type of server role.

Table 2 - Server Roles

Server Role | Description
sysadmin | Able to do anything in SQL Server
serveradmin | Able to modify SQL Server settings and shut down SQL Server
setupadmin | Able to install replication and control extended stored procedures
securityadmin | Able to control server logins and create database permissions
processadmin | Able to control SQL Server processes
dbcreator | Able to create and modify databases
diskadmin | Able to manage disk files
bulkadmin | Able to execute bulk insert statements

Database Roles

Database roles provide the assignment of a set of database-specific permissions to an individual or a group of users. Database roles can be assigned to NT Authenticated logins or SQL Server Authenticated logins. Roles that are assigned to NT Authenticated logins can be assigned to NT users and NT groups. Roles can also be nested so that a hierarchical group of permissions can be assigned to logins. Database roles are database specific. SQL Server provides three types of roles:

• Predefined database roles
• User-defined database roles
• Implicit roles

Predefined Database Roles

Predefined database roles are standard SQL Server database roles. Each database in SQL Server has these roles. Predefined database roles make it easy to delegate responsibility. For example, a developer might be assigned the db_ddladmin role in a development database. This role would allow a developer to create and drop objects (tables, stored procedures, views, and so on) on an as-needed basis. Predefined database roles are database specific and cannot be customized. Table 3 provides a description of each predefined database role.

Table 3 - Predefined Database Roles

Database Role | Description
db_owner | Has complete access to all objects within the database, can drop and re-create objects, and has the capability to assign object permissions to other users. It can modify database settings and perform database maintenance tasks. This role encompasses all functionality listed in the other predefined database roles.
db_accessadmin | Controls access to the database by adding or removing Windows Authentication users and SQL Server users.
db_datareader | Has complete access to SELECT data from any table in the database. This role does not grant INSERT, DELETE, or UPDATE permissions on any table in the database.
db_datawriter | Can perform INSERT, DELETE, or UPDATE statements on any table in the database. This role does not grant SELECT permission on any table in the database.
db_ddladmin | Has the capability to create, modify, and drop objects in the database.
db_securityadmin | Performs security management within the database. This role manages statement and object permissions and roles within the database.
db_backupoperator | Has the capability to back up the database.
db_denydatareader | Denies SELECT permission on all tables in the database. However, this role does allow users to modify existing table schemas. It does not allow them to create or drop existing tables.
db_denydatawriter | Denies data modification statements (INSERT, DELETE, or UPDATE) from being performed against any tables in the database.
public | Every database user is a member of the public role. A user automatically becomes part of the public role when she is permitted access to the database.
