Security
Prepared
Client Server Architecture
The client server model is just one way for the
computers to communicate via the web
The client server is based on a centralized structure
There is another way to communicate via a
decentralized structure
It requires client and server programs and devices
Clients send requests and servers respond to them
A client is a machine or a program is an appliance or a
use
1. Windows authentication
Is a mechanism by which we can create user account in
use
1. Physical security
2. Logical Security
Logical Level Security
Authentication is validating the identity of authorized
users
Authorization is a process of authorizing users to
level – Campus
Users and Logins
Logins are related to servers
Users are related to the database
Types of Logical Security
1. Windows level
2. Server level
3. Database level
4. File level
recommended to do
Providing Server Level Access using
SQL command
Use databasename
CREATE LOGIN loginname WITH PASSWORD = 'password'
TO DELETE LOGIN
Use databasename
DROP LOGIN loginname
1. use master
CREATE LOGIN melesech WITH PASSWORD='melesech'
2. use master
DROP LOGIN melesech
3. use abebe
create login melesech1 with password='melesech'
You can use T-SQL's create user command to add
a user to a SQL Server database. The create user
command takes the following syntax:
create user <user-name> for login <login-name>
SQL Server database role membership
db_owner. Allowed to perform all configuration
and maintenance activities on the database and
can also drop the database.
db_securityadmin. Allowed to modify role
membership and manage permissions. Adding
principals to this role could enable unintended
privilege escalation.
db_accessadmin. Allowed to add or remove access
to the database for Windows logins, Windows
groups, and SQL Server logins.
db_backupoperator. Allowed to back up the
database.
db_ddladmin. Allowed to run any Data Definition
Language (DDL) command in a database.
db_datawriter. Allowed to add, delete, or change
data in all user tables.
db_datareader. Allowed to read complete data
from all user tables.
db_denydatawriter. Cannot add, modify, or
delete any data in the user tables within a
database.
db_denydatareader. Cannot read any data in the
user tables within a database.
Access at server level
Click management studio
Select server type
Select server level authentication
Type user name and password
Click OK
dialogue box
Run the sql server type and restart the service
To connect to the database
Server role
Among server roles, the highest level is the sys level and
the lowest level is the public level – cannot create
database,
You can enter into the server but cannot access any
procedures
Sysadmin has highest level access
Diskadmin – manage disk files, limit disk increase
Defining Server Level Role
Click on log in
You can specify the login name
Right mouse click and select properties
Click server role
Select roles – such as db creator, sys roles, disk admin
Click server
Click new server role and type financial
To modify the existing privileges
Select the server
Click on security
Click on login
Select name and
Click server role and specify or change the existing
names
Click the three dots
Type the name and check or browse and select log in
Type user
Now you have access to the database level but can not
use abebe
create login melesech1 with password='melesech'
create user melesech1 for login melesech1
To alter role
use abebe
ALTER ROLE [db_owner] ADD MEMBER melesech1
Fixed Database Role
Db-owner – all activities
Accessadmin – add or remove users
Datareader – see data in the database
Data-writer – add, modify, delete data in tables
Ddladmin – all DDL operations
Security admin – security permissions
Backupoperator – back up the database
Denydatareader – cannot see any data in the database
Deny data writer – cannot change any data
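The role lists above (server roles and fixed database roles) are easier to keep under control when membership is reviewed regularly. The following T-SQL is an added example, not part of the original slides; it reuses the database name abebe and the user melesech1 from the slides and assumes that melesech1 only needs read access.

```sql
-- Added example: review who holds powerful roles, then reduce privileges.
USE abebe;

-- Members of the database roles that can change security or structure.
-- dbo is always a member of db_owner, so it is filtered out.
SELECT r.name      AS role_name,
       m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'db_owner', N'db_securityadmin',
                 N'db_accessadmin', N'db_ddladmin')
  AND m.name <> N'dbo'
ORDER BY r.name, m.name;

-- Members of the server roles named in the slides.
SELECT r.name        AS server_role,
       m.name        AS login_name,
       m.type_desc   AS login_type,
       m.is_disabled AS login_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'dbcreator', N'diskadmin')
ORDER BY r.name, m.name;

-- Assumption: melesech1 only has to read data. Replace the db_owner
-- membership given earlier with the narrower db_datareader role.
ALTER ROLE db_owner DROP MEMBER melesech1;
ALTER ROLE db_datareader ADD MEMBER melesech1;
```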
Database Level
General- to see user Name and specify Default Schema
Owned Schema – To give/deny grants to schema
database engine
User Mapping
User Mapping relates to database level access
Specify the database
Specify the role in that specific database
The highest level at the database level is database owner
Status – Grant or Deny,
Login – Enabled or Disabled
To provide File level access
Go to the database and security and users
Find the users and double click
Click securable and search
Select either specific or all
OK
Click search and select object i.e table
Click browse and select name
Click ok and click ok
To provide data file
Go to the specified database
Click security and users
Find and double click users
Click securable and find object and select table
Check grant or deny permission for the table
Click OK
Check grant or deny permission for the table
Specify columns
Click OK
To revoke
Security
Click on the username
Right click on properties
Status - Deny
Login - disable
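The Management Studio steps above for table and column permissions and for revoking access can also be written in T-SQL. This is an added example, not part of the original slides; it assumes the database abebe, the login and user melesech1, and a table dbo.course with the columns dept and coursename already exist.

```sql
-- Added example: T-SQL equivalent of the GUI steps (assumed object names).
USE abebe;

-- "Specify columns" with Grant: read access to two columns only.
GRANT SELECT ON OBJECT::dbo.course (dept, coursename) TO melesech1;

-- Deny on the whole table: this DENY takes precedence over a GRANT
-- the user receives through a role such as db_datawriter.
DENY INSERT, UPDATE, DELETE ON OBJECT::dbo.course TO melesech1;

-- Check what is recorded for the user. column_name is NULL when the
-- permission applies to the whole table.
SELECT pr.name                            AS grantee,
       pe.state_desc                      AS state,
       pe.permission_name                 AS permission,
       OBJECT_NAME(pe.major_id)           AS object_name,
       COL_NAME(pe.major_id, pe.minor_id) AS column_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1            -- object or column permissions
  AND pr.name = N'melesech1';

-- To revoke: REVOKE removes the GRANT or DENY entries again.
REVOKE SELECT ON OBJECT::dbo.course (dept, coursename) FROM melesech1;
REVOKE INSERT, UPDATE, DELETE ON OBJECT::dbo.course FROM melesech1;

-- Status page equivalents: "Deny" permission to connect to the
-- database engine and "Disabled" login. Server-level permissions
-- are set from the master database.
USE master;
DENY CONNECT SQL TO melesech1;
ALTER LOGIN melesech1 DISABLE;
```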
Exercise
Create a login by the name newuser33 and
password3 by windows authentication mode
Create a login by the name newuser3 and
age
Create a table called course with dept,
coursename