RSS

Tag Archives: SQL Server Security

SQL 2016 Row-Level Security Demo: Users with various clearance levels

SQL 2016 Row-Level Security Demo: Users with various clearance levels

SQL 2016 is right around the corner and one of the new security enhancements promised is Row-Level security for tables.  It’s a great new feature and pretty easy to implement.  I have created a simple demo that gives various users access to data based on specific clearance level to the data.  Feel free to modify the code and play around with it how to see fit.  There are many different ways to setup Row-Level security and this is just one scenario.  One of the things you’ll notice if you go through the scripts below is that the dbo user does not have access to the data after the the security policy is applied.  This is key for many environments where customers do not want administrators to have access to sensitive data.  Of course anyone with good coding skills and the proper permissions could circumvent that, but that’s why we put auditing measures in place 🙂

I’ve broken up the code into three sections.  The first is for setting up the database and permissions.  The second section creates the tables in the database and puts test data in them.  The third section is for the creation of the function and security policy which enables Row-Level Security. After creating the function and security policy, go back to the second section and re-run the select statements to see the security policy in action.  This demo was created on SQL 2016 CTP 2.2.  If you are interested in learning more about Row-Level Security and to see some other demos please refer to this webinar from PASS.

Read the rest of this entry »

 

Tags: , , ,

SQL Server 2014 BI دورة تمهيدية شاملة في

SQL Server 2014 BI دورة تمهيدية شاملة في

الزملاء الأعزاء من العالم!
السلام عليكم و رحمه الله و بركاته
أقدم لكم دورة تمهيدية شاملة في SQL Server 2014 BI. وتقدم هذه الدورة التدريبية باللغة العربية، وتهدف إلى المساعدة فى التقديم للمفاهيم الأساسية للمهنيين المتخصصين فى قواعد البيانات عامه وبخاصه SQL Server BI في محاولة متواضعه منى لنشر هذه المعرفة والعلم بين اخوانى الناطقين باللغه العربية.
تهدف هذة الدورة التدريبية الى تلبيه فضول واثاره اهتمام المتخصصين فى مجال SQL Server BI وعلى وجه الخصوص  BI Developers كما ان هذة الدورة مبسطه الشرح خاصة فى الدروس الاولى لكى يسهل على المبتدئين فى مجال SQL Server BI متابعتها واضعا فى اعتبارى انه لا يوجد الا القليل من المواد فى هذا المجال باللغة العربية. فقررت بعون الله وتوفيقه ان ايسر هذا العلم بين ايديكم لعل الله ينفع به احد من اخوانى و اخواتى فى اي مكان فى العالم. اسال الله عز وجل ان تنال هذه الدروس اعجاب الجميع و خاصه المهتمين بمجال SQL Server BI ارجو من جميع الأخوة والأخوات ان يذكرونى فى صالح دعائهم
و لاتترددوا فى مراسلتى و ابداء ارائكم و مقترحاتكم البناءة لتطوير هذا العمل الخيرى باءذن الله تعالى

أخوكم
أيمن الغزالى
3/2015 فى واشنطن- الولايات المتحدة الأمريكية

Link to Videos

Dear Colleagues of the Database World!
I present to you a comprehensive introductory course in SQL Server
2014 BI. This course is presented in the Arabic language, and is
intended to introduce core concepts to Database Professionals that are
trying to acquire knowledge in SQL Server BI. The course is geared
towards those that aspire to become BI Developers, or those just
interesting in learning the basics of SQL Server BI. Since there is very
little material in Arabic, I decided to try to use my skills to bridge
the knowledge gap for my SQL Family that communicates in Arabic. I
hope you enjoy the classes and please feel free to share and leave
constructive feedback.

Thank you and good luck future SQL Server Professionals world wide!

Special thanks to my friends Mohamed Elsharkawy for his help and support with this production.

 
 

Tags: , , , , , , , , , , , ,

SQL Server 2012 دورة تمهيدية شاملة في

SQL Server 2012 دورة تمهيدية شاملة في

الزملاء الأعزاء من العالم!
السلام عليكم و رحمه الله و بركاته
أقدم لكم دورة تمهيدية شاملة في SQL Server 2012. وتقدم هذه الدورة التدريبية باللغة العربية، وتهدف إلى المساعدة فى التقديم للمفاهيم الأساسية للمهنيين المتخصصين فى قواعد البيانات عامه وبخاصه SQL Server في محاولة متواضعه منى لنشر هذه المعرفة والعلم بين اخوانى الناطقين باللغه العربية.
تهدف هذة الدورة التدريبية الى تلبيه فضول واثاره اهتمام المتخصصين فى مجال SQL Server وعلى وجه الخصوص DBAs و كذلك Developers كما ان هذة الدورة مبسطه الشرح خاصة فى الدروس الاولى لكى يسهل على المبتدئين فى مجال SQL Server متابعتها واضعا فى اعتبارى انه لا يوجد الا القليل من المواد فى هذا المجال باللغة العربية. فقررت بعون الله وتوفيقه ان ايسر هذا العلم بين ايديكم لعل الله ينفع به احد من اخوانى و اخواتى فى اي مكان فى العالم. اسال الله عز وجل ان تنال هذه الدروس اعجاب الجميع و خاصه المهتمين بمجال SQL Server ارجو من جميع الأخوة والأخوات ان يذكرونى فى صالح دعائهم
و لاتترددوا فى مراسلتى و ابداء ارائكم و مقترحاتكم البناءة لتطوير هذا العمل الخيرى باءذن الله تعالى

أخوكم
أيمن الغزالى
ديسمبر2013 فى واشنطن- الولايات المتحدة الأمريكية

Link to Videos

Dear Colleagues of the Database World!
I present to you a comprehensive introductory course in SQL Server
2012. This course is presented in the Arabic language, and is
intended to introduce core concepts to Database Professionals that are
trying to acquire knowledge in SQL Server. The course is geared
towards those that aspire to become DBAs, Developers, or those just
interesting in learning the basics of SQL Server. Since there is very
little material in Arabic, I decided to try to use my skills to bridge
the knowledge gap for my SQL Family that communicates in Arabic. I
hope you enjoy the classes and please feel free to share and leave
constructive feedback.

Thank you and good luck future SQL Server Professionals world wide!

Special thanks to my friends Mohamed Elsharkawy, Jihad Abouhatab and my brother Islam El-Ghazali for their help and support with this production.

 
 

Tags: , , , , , , , , , , , ,

Social Engineering: How to prevent unauthorized access to SQL Server using SQL Logins

Social Engineering: How to prevent unauthorized access to SQL Server using SQL Logins

People are always concerned about Security when it comes to their data.  I don’t blame them, I love keeping my job and I love to protect the sensitive data we store. You also don’t want someone with little SQL skills going in and running huge queries that bring the server to a screeching halt. In all honesty though, security has a HUGE aspect that is outside the realm of anyone’s technical expertise, it’s the “social factor” of security that is tricky.

Read the rest of this entry »

 

Tags: ,

SQL Server Management Studio Rainbow Edition

SQL Server Management Studio Rainbow Edition

Ever wanted to know the reason behind the Database color scheme in SQL Server Management Studio?

I have always wondered why all the Databases in management studio were Yellow (Online), Grey (Read-Only), Lighter Yellow with text next to it (something like Restoring), or Yellow with a Red Icon (Offline). Have you ever wondered why there aren’t any more useful colors like Red for when a Transaction Log is Full or Purple when your Statistics are Outdated. I have a theory on this that I have entitled “The Theory that you have to actually work to call yourself a DBA.”

colorful databases

Read the rest of this entry »

 

Tags: , , , , , , , ,

How to Avoid a Database “Heart Attack”

How to Avoid a Database “Heart Attack”

For the past couple of months I have been working with Ben Weiss a Digital Marketing Strategist at Infusive Solutions (http://www.infusivesolutions.com/). Our partnership was based on a mutual understanding that there is much needed career growth and guidance among IT Professionals. Since my background is primarily with Database Management Systems I have been helping him with writing articles, guides, and even interview questions for top professionals in the field, all for the purpose of furthering the careers of IT professionals.

Our latest project is a Lessons Learned pamphlet based on several articles I wrote about a year ago after attending open heart surgery (as an observer, not a patient). Here is the link to the final product, I hope you enjoy and benefit from it.

Here is a link to a summary of the project
http://www.infusivesolutions.com/blog/bid/98928/3-Ways-Business-Observation-Catalyzes-SQL-Server-DBA-Job-Growth

 

Tags: , , , , , , , ,

What if your database server was hacked and all your data was deleted?

What if your database server was hacked and all your data was deleted?

Recently in the news an article circulated about a coordinated attack by a team of hackers known as Anonymous. Information about this incident is all over the internet here is one article with details RT News.

Part of that attack included deleting a database belonging to the Israeli Foreign Ministry. The details are not clear, but I wanted to write about what may have happened and how you can prevent it or recover from it in your own environment.

Read the rest of this entry »

 

Tags: , , , , ,

Listing server and database roles for all logins and users in SQL Server – Part 3 – Using SSRS Reports to Monitor and Fix security problems

Listing server and database roles for all logins and users in SQL Server – Part 3 – Using SSRS Reports to Monitor and Fix security problems

Finally the epic conclusion to my three part series about listing server and database roles. In this post I will show you how to create SSRS report to use for regular tracking or auditing purposes. This is a much easier and cleaner way of looking at the data and you can provide it to other team members or even your manager.

You can read Part 1 here if you haven’t yet.
You can read Part 2 here if you haven’t yet.

Read the rest of this entry »

 

Tags: , , , , , , ,

Listing server and database roles for all logins and users in SQL Server – Part 2 – Remote Servers

Listing server and database roles for all logins and users in SQL Server – Part 2 – Remote Servers

Building upon the code in my previous post, I will be retrieving permissions information from remote servers that I have access to. This was a little more difficult to accomplish because security is different on different servers and I did not want to create Linked Servers with escalated permissions. Read only SQL users was an option, however there is no good way to make sure that these users will have read permissions on all current and future databases. It took a while to over come these challenges but I got it working; obviously since I have this blog post.

You can read Part 1 here if you haven’t yet.

Read the rest of this entry »

 

Tags: , , , , ,

Listing server and database roles for all logins and users in SQL Server – Part 1 – Local Server

Listing server and database roles for all logins and users in SQL Server – Part 1 – Local Server

I was approached with a unique problem to solve; find out who has what permissions on my Database Servers.  This is the first post in a three part series about finding all user permissions on your SQL Server instance. The next posts will build upon this and introduce a way to use the same queries to get permissions from remote servers.  In the final post, I will create a report that will nicely display the results of all those queries making it easy to audit and fix security problems. The granularity I’m going for is mapping logins/users to their corresponding roles at the instance and database level.

Read the rest of this entry »

 

Tags: , , , , ,

SQL Server 2012 Service Pack 1 Released for CTP4.


CORRECTION: This is for CTP4 (Community Technology Preview) not RTM (Release to Manufacturing). Therefore, you cannot install this if you are running a full version of SQL Server 2012. Sorry for the confusion, the original article I read did not mention anything about it being for CTP.

Fresh off the tree and ripe for picking…

Link for downloading SQL Server 2012 CTP4 Service Pack 1:
http://www.microsoft.com/en-us/download/details.aspx?id=34700

 

Tags: , , ,

SQL Security Architecture Decomposed Presentation

SQL Security Architecture Decomposed Presentation

Professional Association for SQL Server Presentation
Topic: SQL Server Security Architecture Decomposed
Presenter: Ayman El-Ghazali

Abstract: Security can be difficult to understand when first approaching SQL Server due to the many layers. In this webinar we will take a top down look at SQL Server Security and then “peel” its layers one by one to understand how it works. This webinar will help those who wish to understand security layers and concepts better with in SQL Server. We will cover how to properly manage individual and group access to your SQL Instance, Databases, and many other securables. Please join us on this journey from your server’s network port all the way to your tables, stored procedures, and functions.

http://dba.sqlpass.org/MeetingArchive.aspx

June 27, 2012 – SQL Server Security Architecture Decomposed. Click here to start streaming.

Slides and Code for all Presentations can be found here

 

Tags: , , , , ,

 
<span>%d</span> bloggers like this: