Database Infrastructure: Jorge Alberto Espinoza Gomez
Introduction
• Authentication mode:
• Windows®
• Mixed
Windows Authentication
• SQL Server checks the provided user name and password against
the Windows user details; SQL Server itself does not require a password.
This is the default authentication mode. Windows user security
controls access to SQL Server.
• The Kerberos security protocol is used to provide security policies such
as account locking, strong passwords, and password expiration.
The Kerberos protocol is supported by SQL Server over the TCP/IP,
named pipes, and shared memory communication protocols.
• Best Practice: If possible, Windows authentication should be used.
SQL Server Authentication (Mixed Mode)
• After creating a login, you should give that login access to at least
one database before it can connect to the server. Generally,
you only need to enable logins to access the databases that they
need to work with. You can do this by creating a database user for
the login in each database that it must access.
• Granting Access to Databases
• Logins cannot connect to a database to which they have not been
granted access. To grant access to a principal, you can create a
database user.
Granting Access to Databases
Managing Mismatched Security Identifiers
Server-Scoped Permissions
• Permissions at the server level generally relate to administrative
actions, such as creating databases, altering logins, or shutting down
the server.
Examples
-- List every built-in server-scoped permission.
SELECT *
FROM sys.fn_builtin_permissions('SERVER')
ORDER BY permission_name;

-- Walk the permission hierarchy downward from CONTROL SERVER,
-- following covering_permission_name from parent to child.
WITH recCTE
AS
(
SELECT permission_name, covering_permission_name AS
parent_permission, 1 AS hierarchy_level
FROM sys.fn_builtin_permissions('SERVER')
WHERE permission_name = 'CONTROL SERVER'
UNION ALL
SELECT bp.permission_name, bp.covering_permission_name,
hierarchy_level + 1 AS hierarchy_level
FROM recCTE AS r
CROSS APPLY sys.fn_builtin_permissions('SERVER') AS bp
WHERE bp.covering_permission_name = r.permission_name
)
SELECT * FROM recCTE
ORDER BY hierarchy_level, permission_name;
Typical Server-Scoped Permissions
• CONTROL SERVER
• This permission implicitly grants all other server-level permissions.
• CONTROL SERVER is not exactly equivalent to membership of the sysadmin
fixed server role; some system stored procedures and functions require
membership of the sysadmin role.
• ADMINISTER BULK OPERATIONS
• This permission grants access to bulk insert operations.
• ALTER ANY DATABASE
• This permission grants administrative control over all databases on a SQL
Server instance. It implicitly grants the CREATE ANY DATABASE permission.
Typical Server-Scoped Permissions
• Using Management Studio
• Using T-SQL
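The T-SQL route, together with the database-access step described earlier, as an added example that is not taken from the original slides. The login CONTOSO\ReportSvc, the database SalesDB and the user name ReportSvc are hypothetical. It grants one server-scoped permission on its own, maps the login to a database user, and then audits who holds the high-impact permissions listed above.

```sql
-- Added example. CONTOSO\ReportSvc, SalesDB and ReportSvc are hypothetical names.
USE master;   -- server-scoped permissions can only be granted from master
GO
-- Windows login: identity is confirmed by Windows, no password is stored in SQL Server.
CREATE LOGIN [CONTOSO\ReportSvc] FROM WINDOWS;
GO
-- Grant only the server-scoped permission the account needs,
-- instead of sysadmin membership or CONTROL SERVER.
GRANT ADMINISTER BULK OPERATIONS TO [CONTOSO\ReportSvc];
GO
-- The login cannot use SalesDB until a database user is created for it there.
USE SalesDB;
GO
CREATE USER ReportSvc FOR LOGIN [CONTOSO\ReportSvc];
GO
USE master;
GO
-- Audit 1: explicit grants and denies of the server-scoped permissions
-- discussed above, per principal.
SELECT pr.name AS principal_name,
       pr.type_desc,
       pe.permission_name,
       pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class_desc = 'SERVER'
  AND pe.permission_name IN ('CONTROL SERVER',
                             'ALTER ANY DATABASE',
                             'ADMINISTER BULK OPERATIONS')
ORDER BY pe.permission_name, pr.name;

-- Audit 2: sysadmin members, reviewed separately because CONTROL SERVER
-- is not exactly equivalent to sysadmin membership.
SELECT m.name AS member_name,
       m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r
  ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m
  ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;
```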
Next Session