Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Securables
Objects to which access must be secured
Principals
Security identities that access securables and perform actions
Permissions
The actions principals can perform on securables
Windows Azure
Configuration
Server-Level Rules Tools and Methods
Client IP
address
in
range?
Client IP Database-level
address
in No Firewall Rule for
range? Sales. Yes
Yes
Logins:
Create in SQL Server Management Studio
Create using the CREATE LOGIN statement:
CREATE LOGIN [ADVENTUREWORKS\SalesReps] FROM WINDOWS
WITH DEFAULT_DATABASE =[salesdb];
Disable logins:
ALTER LOGIN DanDrayton DISABLE;
Delete logins:
DROP LOGIN DanDrayton;
Demonstration: Authenticating Logins
Configuration:
Client, Server, Database Server Tiers
Definitions
EXEC sp_addlinkedserver@server='RemoteServer',
@srvproduct='',
@provider='SQLOLEDB',
@datasrc='r:\datasource\RemoteServer';
Security
Typical "Double-Hop" Problem
Hop1
Hop2
Delegation:
Identity passed to remote servers
Impersonation:
Identity used within a domain
Windows Authentication
S4U
LogonUser API
Benefits:
Migration
Failover, including AlwaysOn Group Availability
Administration
Development
Considerations:
CDC, CT, Replication not allowed
Some Procedure types not supported
Collation
Password Policy, CREATE USER
ALTER DATABASE CURRENT
Connection Strings must be explicit
Cross Database Queries
Demonstration: Creating a Partially Contained Database
Logon Information
Virtual machine: 20764B-MIA-SQL
User name: ADVENTUREWORKS\Student
Password: Pa$$w0rd