By now you must have heard of the SQL Slammer worm. It was quite an infectious little nuisance. The harm it caused was largely due to unpatched, unprotected SQL Servers.
I found myself perusing an execution plan the other day. I know, big surprise there. This execution plan showed me some interesting things I had never really paid much attention to in the past. When […]
A good rule of thumb with the public role is to leave it be. Do not add permissions to this role. Add permissions on a per database and per group of users basis. Create roles within the database and grant permissions to that role – in each database. And remember the rule of least privilege – don’t grant more permissions to a user/role than necessary to perform the job function. Just the same as in an airport – everybody has their role and it is strictly defined. If the user need not have access – then don’t grant the permissions.
In SQL Server a good practice is to access the data via calls through stored procedures. Have a look at the document available in that link. To further this practice, one may create a database […]
Did you know that you can grant permissions down to the column level in SQL Server? Well, if you didn’t know that – you do now. It is actually rather simple to grant permissions […]
We have another opportunity to write as a part of TSQL Tuesday today. This month Matt Velic (Blog | Twitter). Matt has proposed a challenge that was derived from a comment on twitter. The challenge […]
I was strolling along one day when I saw somebody asking how to find out who owns a maintenance plan. That evolved into finding out who owns the job associated with the maintenance plan. […]
How well do you know the security in your SQL instances? Do you know who has sysadmin level permissions? SQL Server provides a few methods for you to find out who is a member of […]
When it is necessary to provide reports on activity occurring on the server, it pays to do a little prep work. Be Prepared. It is not an easy task to be able to go back in time and report on data that isn’t captured. The little prep work that one may need to do is well worth the effort in the end.
This article demonstrates a script that will generate a nice HTML report of your database security suitable for the auditors.