Date 31/07/2023-SQL DBA

RECAP: Class 5

1. SQL Server default Databases are System Databases

2. User Databases Created by DBA/Developer
3. SQL Server supports System and User Databases
4. By default System Databases are created by System/Server
a. Master
b. Model
c. Msdb
d. TempDB
e. ResourceDB(hidden)-Files exists in Default location
5. When we created database two files will be created
a. Master data file(extension is .mdf)
b. Log Data file(extension is .ldf)
c. Secondary Data file(Extension is .ndf)(Optional)
6. User database created by DBA(Database Administartor)
a. Ex: Knr, DBAdmin,Hydeabad etc

7. File and Filegroups

8. Talked about Pages and extents
a. Page:basic unit 8KB
b. Extent: 8*8 Pages is extent
c. Types of Pages
i. Data page
ii. Index
iii. GAM
iv. SGAM

=================================================================================

Class 6:
SQL Server Security:

In this lesson, we will discuss about SQL Server Security concepts

Topics Covered:

1. SQL Server authentication Modes

Mayukha IT Services
mayukhasoftsolutions@gmail.com
+91-9573349020
https://realtimedba.thinkific.com/courses/your-first-course\
https://www.linkedin.com/in/mayukhaitservices/
Date 31/07/2023-SQL DBA
2. Working with Server Level Security
a. Logins
i. Windows Logins
ii. SQL Server logins

Server roles

Credentials

Auditing

3. Working with Databases Level Security

a. Users
b. Permissions
c. Db Roles/user Mappings
4. Permissions
a. Database Level
b. Server level

What is Security?

Microsoft SQL Server provides several built in features that enable security, including encrypted
communication over SSL/TLS, used to encrypt data at rest, authentication and authorization. It is
up to each database administrator to configure these features, or use additional security
measures as needed, to address the security and compliance requirements of their data and
applications.

Logging in to a SQL Server can be achieved by either Windows Authentication or SQL Authentication.

 Using Windows Authentication, SQL Server verifies the account name and password when a
user connects using a Windows user account. This indicates that Windows has verified the user's
identity. Both the identity validation and the password request are not handled by SQL Server.
 When using SQL Server Authentication, the user name and password are both generated using
SQL Server and saved there. Every time they connect using SQL Server Authentication, users are
required to enter their credentials (login and password).

SQL Server security is based on several hierarchical entities:

Mayukha IT Services
mayukhasoftsolutions@gmail.com
+91-9573349020
https://realtimedba.thinkific.com/courses/your-first-course\
https://www.linkedin.com/in/mayukhaitservices/
Date 31/07/2023-SQL DBA
 Server—representing the entire SQL Server instance.
 Database—each server can have multiple databases.
o A database is a collection of securable objects.
 Securable object—data stored in a database, which requires associated permissions.
 Principal—a person, group, or process that needs to access data. Privileges granted to principals
are managed by the SQL Server security framework.

Server Role Description

sysadmin Members of the sysadmin fixed server role can perform any activity in the server.
serveradmin Members of the serveradmin fixed server role can change server-wide
configuration options and shut down the server.
securityadmin Members of the securityadmin fixed server role manage logins and their
properties. They can GRANT, DENY, and REVOKE server-level permissions. They
can also GRANT, DENY, and REVOKE database-level permissions if they have
access to a database. Additionally, they can reset passwords for SQL Server
logins.

IMPORTANT: The ability to grant access to the Database Engine and to configure
user permissions allows the security admin to assign most server permissions.
The securityadmin role should be treated as equivalent to the sysadmin role.
processadmin Members of the processadmin fixed server role can end processes that are
running in an instance of SQL Server.
setupadmin Members of the setupadmin fixed server role can add and remove linked servers
by using Transact-SQL statements. (sysadmin membership is needed when using
Management Studio.)
bulkadmin Members of the bulkadmin fixed server role can run the BULK INSERT statement.
diskadmin The diskadmin fixed server role is used for managing disk files.
dbcreator Members of the dbcreator fixed server role can create, alter, drop, and restore
any database.
public Every SQL Server login belongs to the public server role. When a server principal
has not been granted or denied specific permissions on a securable object, the
user inherits the permissions granted to public on that object. Only assign public
permissions on any object when you want the object to be available to all users.
You cannot change membership in public.

Note: public is implemented differently than other roles, and permissions can be
granted, denied, or revoked from the public fixed server roles.
Mayukha IT Services
mayukhasoftsolutions@gmail.com
+91-9573349020
https://realtimedba.thinkific.com/courses/your-first-course\
https://www.linkedin.com/in/mayukhaitservices/
Date 31/07/2023-SQL DBA

Database Roles:

Fixed Database Role Description

Name
db_owner Members of the db_owner fixed database role can perform all
configuration and maintenance activities on the database, and can also
drop the database in SQL Server. (In SQL Database and Azure Synapse,
some maintenance activities require server-level permissions and cannot
be performed by db_owners.)
db_securityadmin Members of the db_securityadmin fixed database role can modify role
membership for custom roles only and manage permissions. Members of
this role can potentially elevate their privileges and their actions should
be monitored.
db_accessadmin Members of the db_accessadmin fixed database role can add or remove
access to the database for Windows logins, Windows groups, and SQL
Server logins.
db_backupoperator Members of the db_backupoperator fixed database role can back up the
database.
db_ddladmin Members of the db_ddladmin fixed database role can run any Data
Definition Language (DDL) command in a database.
db_datawriter Members of the db_datawriter fixed database role can add, delete, or
change data in all user tables.
db_datareader Members of the db_datareader fixed database role can read all data from
all user tables.
db_denydatawriter Members of the db_denydatawriter fixed database role cannot add,
modify, or delete any data in the user tables within a database.
db_denydatareader Members of the db_denydatareader fixed database role cannot read any
data in the user tables within a database.

Mayukha IT Services
mayukhasoftsolutions@gmail.com
+91-9573349020
https://realtimedba.thinkific.com/courses/your-first-course\
https://www.linkedin.com/in/mayukhaitservices/