SQL server 2008 : Managing Security - Roles

10/24/2010 4:54:31 PM
Like Windows groups, SQL Server provides two kinds of roles, server-level and database-level, into which logins and users can be added. Server-level roles are fixed roles that have a server-wide permission scope. Each built-in role serves a specific purpose and has the required permissions associated with it. Although you are limited to the built-in server-level roles, you can create new database-level roles in addition to those available to suit more specific needs.

SQL Server logins, Windows accounts, and Windows groups can be added to server-level roles. Server-level roles are as follows:

  • sysadmin – Perform any activity in the server. By default, the BUILTIN\Administrators group and the local administrator’s group are members of the sysadmin role.

  • serveradmin – Change server-wide configuration options and shut down the server.

  • securityadmin – Manage logins and their properties. Members can reset passwords for SQL Server logins and GRANT, DENY, and REVOKE database-level and server-level permissions.

  • processadmin – End processes running in an instance of SQL Server.

  • setupadmin – Add and remove linked servers.

  • bulkadmin – Run the BULK INSERT statement.

  • diskadmin – Manage disk files.

  • dbcreator – CREATE, ALTER, DROP, and restore any database.

You can find the following objects in the master database that can help when working with server-level roles:

  • sp_helpsrvrole – Returns a list of server-level roles.

  • sp_helpsrvrolemember – Returns information about the members of a server-level role.

  • sp_srvrolepermission – Displays the permissions of a server-level role.

  • IS_SRVROLEMEMBER – Indicates whether a SQL Server login is a member of the specified server-level role.

  • sys.server_role_members – Returns one row for each member of each server-level role.

  • sp_addsrvrolemember – Adds a login as a member of a server-level role.

  • sp_dropsrvrolemember – Removes a SQL Server login or a Windows user or group from a server-level role.
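
The catalog views and functions listed above can be combined into a membership review of the server-level roles. The following T-SQL is an added example, not part of the original article; it only reads metadata and assumes the caller is allowed to view server principals.

```sql
-- Added example: review membership of the fixed server-level roles.
-- Read-only; can be run from any database on the instance.

-- 1. Every role member, with sysadmin and securityadmin listed first.
SELECT
    r.name        AS server_role,
    m.name        AS member_name,
    m.type_desc   AS member_type,     -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
    m.is_disabled AS login_disabled,
    m.modify_date AS login_modified
FROM sys.server_role_members AS srm
JOIN sys.server_principals   AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = srm.member_principal_id
ORDER BY
    CASE r.name WHEN 'sysadmin' THEN 0 WHEN 'securityadmin' THEN 1 ELSE 2 END,
    r.name, m.name;

-- 2. Windows groups that hold sysadmin. Who is inside these groups is
--    decided in Windows, so this list needs a follow-up review there.
SELECT m.name AS windows_group_in_sysadmin
FROM sys.server_role_members AS srm
JOIN sys.server_principals   AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = srm.member_principal_id
WHERE r.name = 'sysadmin'
  AND m.type = 'G';                   -- 'G' = Windows group

-- 3. Effective membership of the current login
--    (1 = member, 0 = not a member, NULL = role name not valid).
SELECT IS_SRVROLEMEMBER('sysadmin')      AS is_sysadmin,
       IS_SRVROLEMEMBER('securityadmin') AS is_securityadmin;

-- 4. The same information for one role through the system procedure.
EXEC sp_helpsrvrolemember 'sysadmin';
```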

There are two types of database-level roles: fixed database roles that are predefined in the database and flexible database roles that you can create.

The fixed database-level roles are:

  • db_owner – Can drop the database and has permission to perform all configuration and maintenance tasks.

  • db_securityadmin – Can modify role membership and manage permissions. Please be careful when adding principals to this role; an unintended privilege escalation could result.

  • db_accessadmin – Can add or remove database access for Windows logins, Windows groups, and SQL Server logins.

  • db_backupoperator – Can back up the database.

  • db_ddladmin – Can run any Data Definition Language command.

  • db_datawriter – Can add, delete, or change data in all user tables.

  • db_datareader – Can read all data from all user tables.

  • db_denydatawriter – Will deny permission in the database to add, modify, or delete any data in the user tables.

  • db_denydatareader – Will deny permission in the database to read any data in the user tables.

These objects can be helpful when working with database-level roles:

  • sp_helpdbfixedrole – Returns a list of the fixed database roles.

  • sp_dbfixedrolepermission – Displays the permissions of a fixed database role.

  • sp_helprole – Returns information about the roles in the current database.

  • sp_helprolemember – Returns information about the members of a role in the current database.

  • sys.database_role_members – Returns one row for each member of each database role.

  • IS_MEMBER – Indicates whether the current user is a member of the specified Microsoft Windows group or Microsoft SQL Server database role.

  • CREATE ROLE – Creates a new database role in the current database.

  • ALTER ROLE – Changes the name of a database role.

  • DROP ROLE – Removes a role from the database.

  • sp_addrole – Creates a new database role in the current database.

  • sp_droprole – Removes a database role from the current database.

  • sp_addrolemember – Adds a database user, database role, Windows login, or Windows group to a database role in the current database.

  • sp_droprolemember – Removes a security account from a SQL Server role in the current database.


Figure 1 shows the fixed server roles. Figure 2 shows the predefined database roles.

Figure 1. Fixed Server-Level Roles


Figure 2. Database-Level Roles


Create a New Database Role

You need to create a new database role, owned by the HumanResources role, that will also permit its members to use objects in the Purchasing schema.

  1. In the SQL Server Management Studio, locate the Database Roles folder under Security/Roles in the AdventureWorks2008 database.

  2. Right-click on the Database Roles folder and select New Database Role... from the menu.

  3. In the Database Role – New window, type Purchasing into the Role name text box.

  4. In the Owner text box, browse and select HumanResources as the Owner.

  5. In the Owned Schemas section, locate and select the Purchasing schema.

  6. Your window should look like Figure 3. Notice the schemas that your new role owns by default.

    Figure 3. Database Role Properties

  7. Click OK. Your newly created database role will appear in the database role folder.
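
The same role can be created and checked in T-SQL instead of the Management Studio dialog. This is an added example, not part of the original article; like the exercise, it assumes that a database role named HumanResources already exists in AdventureWorks2008.

```sql
-- Added example: script equivalent of steps 1-7, followed by verification.
USE AdventureWorks2008;
GO

IF DATABASE_PRINCIPAL_ID('HumanResources') IS NULL
    -- Assumption of the exercise: the owning role must already exist.
    RAISERROR('Owner role HumanResources not found; create it first.', 16, 1);
ELSE IF DATABASE_PRINCIPAL_ID('Purchasing') IS NULL
BEGIN
    -- Steps 3-4: role name and owner.
    CREATE ROLE Purchasing AUTHORIZATION HumanResources;

    -- Step 5: make the new role the owner of the Purchasing schema.
    ALTER AUTHORIZATION ON SCHEMA::Purchasing TO Purchasing;
END
GO

-- Verify the role, its owner, and every schema it owns.
SELECT r.name AS role_name,
       o.name AS role_owner,
       s.name AS owned_schema
FROM sys.database_principals      AS r
JOIN sys.database_principals      AS o ON o.principal_id = r.owning_principal_id
LEFT JOIN sys.schemas             AS s ON s.principal_id = r.principal_id
WHERE r.name = 'Purchasing'
  AND r.type = 'R';                   -- 'R' = database role

-- Review who is in the new role and in the two fixed roles that can
-- change permissions or role membership for the whole database.
SELECT r.name      AS role_name,
       m.name      AS member_name,
       m.type_desc AS member_type
FROM sys.database_role_members AS drm
JOIN sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN ('Purchasing', 'db_owner', 'db_securityadmin')
ORDER BY r.name, m.name;
```

Transferring schema ownership with ALTER AUTHORIZATION drops existing permissions on objects in that schema that have no explicit owner, so review grants on Purchasing objects before running this against a database that is in use.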
