Logins and Users will be covered, as well as SQL Server 2008’s built-in roles.. The SQL Server Surface Area Configuration tool will be covered as well as the provisioning of the accounts
Trang 1122 Chapter 3 • Configuring SQL Server 2008
Self Test Quick Answer Key
1 D
2 A
3 C
4 A and C
5 D
6 B
7 D
8 A
9 C
10 A and C
11 B and C
12 B
13 A
14 C
15 B
16 C
17 A
18 B
19 C
20 A
Trang 2Exam objectives review:
˛ Summary of Exam Objectives
˛ Exam Objectives Fast Track
˛ Exam Objectives Frequently Asked Questions
˛ Self Test
˛ Self Test Quick Answer Key
Exam objectives in this chapter:
Principals
■
■
Roles
■
■
The “Principle of Least Privilege”
■
■
Users
■
■
Schemas
■
■
Permissions
■
■
Auditing
■
■
The SQL Server Configuration Manager
■
■
Security and SQL Agent
■
■
Managing Security
Chapter 4
MCTS SQL Server 2008
Exam 432
Trang 3124 Chapter 4 • Managing Security
Introduction
Security is an often overlooked factor when designing an application In this chapter, all aspects of security will be discussed
Logins and Users will be covered, as well as SQL Server 2008’s built-in roles Some new features are available for policy management
This chapter will also review user roles and schemas, as well as the pros and cons
of granting access to objects The tradeoff between more granular security and less granular security will be discussed
SQL Authentication will be covered in great detail, along with the pros and cons of each method
The SQL Server Surface Area Configuration tool will be covered as well as the provisioning of the accounts used for SQL Server Services
Principals
As we begin to look at SQL Server 2008 security management, a good place to start is to define what SQL Server considers a principal Principals are entities that can request SQL Server resources and their scope of influence depends on the definition scope of the principal Windows-level principals have a Windows permission scope, SQL Server-level principals have server-level permissions and Database-level principals have database-level permissions A Security identifier (SID)
is assigned to every principal The following shows the hierarchy of SQL Server
2008 principals and how logins and database users can be mapped to security objects Fixed server and database roles are not shown here but are discussed in the next section
TesT Day Tip
Make sure that you are familiar with this hierarchy and how the
principals can be mapped.
Windows-level principals
Windows domain login
■
■
Windows local login
■
■
Windows group
■
■
Trang 4SQL Server-level principals
SQL Server login
■
■
SQL Server login mapped to a Windows login
■
■
SQL Server login mapped to a certificate
■
■
SQL Server login mapped to an asymmetric key
■
■
Database-level principals
Database user
■
■
Database user mapped to SQL Server login
■
■
Database user mapped to a Windows login
■
■
Database user mapped to a certificate
■
■
Database user mapped to an asymmetric key
■
■
Database role
■
■
Application role
■
■
Public role
■
■
The hierarchy of securable objects in SQL Server 2008 is as follows:
Server
Database
■
■
Endpoint
■
■
Remote Binding
■
■
Route
■
■
SQL Server Login
■
■
Database
Application Role
■
■
Assembly
■
■
Asymmetric Key
■
■
Certificate
■
■
Database User
■
■
Fixed Database Role
■
■
Trang 5126 Chapter 4 • Managing Security
Full-Text Catalog
■
■
Message Type
■
■
Service
■
■
Service Contact
■
■
Symmetric Key
■
■
Schema
Default
■
■
Function
■
■
Procedure
■
■
Query Stats
■
■
Queue
■
■
Rule
■
■
Synonym
■
■
Table
■
■
Trigger
■
■
Type
■
■
View
■
■
XML Schema Collection
■
■
exam Warning
Make sure that you are familiar with the principals listed above regarding their scope and how they fit into the SQL Server 2008 hierarchy.
Roles
Like Windows groups, SQL Server provides two roles, server- and database-level roles into which logins and users can be added Server-level roles are fixed roles that have a serverwide permission scope Each built-in role serves a specific purpose