
DBMS (Thai), Chapter 16: Security Management in SQL Server

Sep 27, 2015


Know2Pro


16 SQL Server SQL Server

SQL Server

SQL Server SQL Server (Login) (User Permissions) Stored Procedure Windows XP / 2003 Server / Vista SQL Server 2005

SQL Server 2 Windows Authentication Mode

SQL Server Microsoft Windows SQL Server SQL Server SQL Server Authentication Mode

SQL Server SQL Server

SQL Server

SQL Server Windows Windows Authentication

Windows Authentication SQL Server SQL Server Windows Server Domain Controller SQL Server Windows Authentication SQL Server Authentication Windows Server Windows Server 2003, Windows Vista Windows Server , , SQL Server Authentication

SQL Server SQL Server SQL Server SQL Server SQL Server SQL Server Authentication Windows Windows 98/ME Windows Authentication SQL Server Authentication

Windows Authentication Authentication Local Domain SQL Server sa sa Authentication Windows Authentication

SQL Server 2 sa (System Administrator) guest sa SQL Server SQL Server

Windows Authentication SQL Server Authentication

1. Management Studio

Properties Server Properties

2 Windows Authentication mode Windows Windows 98/ME sa SQL Server and Windows Authentication mode (Mixed mode ) SQL Server 1. Server Properties Windows Authentication mode OK

2. Restart

3. Disconnect

4. Connect Object Explorer Connect to Server sa Windows SQL Server SQL Server 2 1. Login ( ) THARIN sysxlogins master (User)

2. User ( ) SQL Server Kim Kim1 Orders1 Kim2 Orders2 Kim Orders1 Orders2 () Kim1 Kim2 Kim1 TblProducts Orders1 Kim2 TblProducts Order2 sysusers

Login User Management Studio

Management Studio 1. Login Login New Login

2. Login New Login name 2 Windows Authentication Windows Search Windows SQL Server Authentication SQL Server Password Enforce password policy 6 3 4 ( 1 A Z, 2 a z, 3 0 9, 4 !, $, #, %)

Enforce password expiration User must change password at next login SQL Server User must change password at next login SQL Server Windows Server Windows 2003/Vista Default database Default language

3. Server Roles (Role) Role

3. (Role) Server Roles

Role Permissions Role 4. User Mapping User Mapping to this login Map User Database role membership (Role)

5. Securables (Permission) Role

5. (Permission) Securables

6. Status Permission / (Grant) (Deny)

Login / (Enable) (Disable)

Transact SQL

Management Studio Stored Procedure sp_addlogin

Login_id Password defaultdb master defaultlanguage NULL

tharin SUCCESS Orders Management Studio

(Server Roles) (Roles) ( )

Management Studio Delete

Delete Transact SQL

Management Studio Stored Procedure sp_droplogin

tharin

,

Login Properties

(Server Roles) sysadmin

sp_password

sp_password success, tharin

SUCCESS tharin Management Studio

Management Studio 1. Security Users New User

Users New User

2. Database User New User name Login name ( ) (Roles) Database role membership OK

Transact SQL

Management Studio Stored Procedure sp_adduser

login_id username rolename Role Role ()

kim tharin

Management Studio

Management Studio Delete

Delete

SQL Server ALTER AUTHORIZATION

entity_name Type, XML Schema Collection, Fulltext Catalog, Schema, Assembly, Role, Message Type, contract, Service, Remote Service Binding, Route, Symmetric Key, Endpoint, Certificate Data base

SCHEMA OWNER

Stored Procedure sp_help

Transact SQL

Stored Procedure sp_dropuser

, , 1 128 , Margaret, Tharin, Sonsit 14#&xyz

, , Transact SQL () ([]) , , Tharin Sittitummancharee

$ @ $Tharin

,

\ (backslash) \ Windows NULL () SQL Server SQL Server Sa (System Administrator)

System Administrator (sa) SQL Server sysadmin role () sa sysadmin role ( sysadmin role sa) sa SQL Server

SQL Server sa SQL Server dbo (Database Owner)

dbo SQL Server db_owner role sysadmin role dbo success sysadmin role tharin success sysadmin role tharin dbo T1 dbo.T1 tharin.T1

success sysadmin role tharin dbo db_owner role success tharin db_owner role tharin.T1 dbo.T1

dbo sysadmin role dbo dbo

tharin T1 tharin.T1

guest

guest guest guest guest guest guest 2 guest db_accessadmin ( ) Default database guest 2 Default database guest RolesSQL Server Role Roles Role Role Managers tharin Roles SQL Server Roles PUBLIC Roles Roles Public Roles

1 Roles tharin Roles Managers Roles Employees Roles Windows 2003/Vista

SQL Server

Roles SQL Server Roles Roles Roles 2

Standard Roles Roles Application SQL Server Finance Finance Marketing Marketing Roles 2 Roles Roles Roles Management Studio

Roles Role Roles Roles Roles Roles Roles Roles Managers TblCustomers Role Employees Roles Management Studio Roles 1. Roles Roles Properties

2. Database Role Properties Add... Remove

Roles Database User / Roles Roles

Roles Transact SQL

Role Stored Procedure sp_addrolemember

sp_droprolemember

Fixed Server Roles

SQL Server Roles Roles Roles (Server Roles) SQL Server, Windows 2003/Vista Roles

Fixed Server Roles Fixed Server Roles

bulkadmin

dbcreator

diskadmin

processadmin

securityadmin

serveradmin

setupadmin

sysadmin BULK INSERT SQL Server CREATE DATABASE error logs SQL Server Linked Servers Start Up Procedures SQL Server

Windows 2003/Vista BUILTIN\Administrators Group sysadmin

Fixed Server Roles sp_helpsrvrole Roles sp_srvrolepermission

Fixed Database Roles

Fixed Database Roles Roles (Database Roles) Roles Fixed Database Roles Fixed Database Roles

db_accessadmin

db_backupoperator

db_datareader

db_datawriter

db_ddladmin

db_denydatareader

db_denydatawriter

db_owner

db_securityadmin DBCC, CHECKPOINT BACKUP DDL (Data Definition Language) CREATE TABLE GRANT, REVOKE DENY , , Roles Roles

Fixed Database Roles sp_helpdbfixedrole Roles sp_dbfixedrolepermission

Public Roles

Public Roles Roles Roles , Roles Roles master, msdb, tempdb, model Roles Roles Management Studio

Management Studio Roles 1. Roles Database Roles New Database Role

2. Database Role New Roles Role name Roles

3. (Permission) Roles Securables OK Roles

Roles Transact SQL

Roles Management Studio Stored Procedure sp_addrole Roles

Role Roles professor

sp_droprole Roles

Roles professor (Permission) , User Role database owner (dbo) system administrator (sa) (Permission)

SQL Server 3 Object Permissions Stored Procedure SELECT, INSERT, UPDATE DELETE SELECT, UPDATE INSERT, DELETE SELECT User Defined Functions EXECUTE Stored Procedures Functions DRI (declarative referential integrity) Foreign key Constraints Statement Permissions CREATE TABLE BACKUP DATABASE

BACKUP LOG

CREATE DATABASE

CREATE DEFAULT

CREATE FUNCTION

CREATE PROCEDURE

Stored Procedure

CREATE RULE

Rule

CREATE TABLE

CREATE VIEW

Implied Permissions SQL Server sysadmin Server Roles db_owner Database Roles 2

Statement Permissions 1. Properties

2. Database Properties Permissions Add User Roles 3 Grant

Deny

With Grant ()

OK

Object Permissions Roles

1. Role ( Roles SQL Server ) Properties

2. Database Role Properties Securables

User

1. User ( User SQL Server ) Properties

2. Database User Securables GRANT REVOKE Management Studio GRANT User Roles

REVOKE GRANT permission_list GRANT REVOKE (,) ALL object_name Stored Procedures name_list User Roles GRANT kim TblOrders GRANT SELECT, UPDATE

ON TblOrders

TO kim

REVOKE kim TblOrders

REVOKE DELETE

ON TblOrders

FROM kim

sp_addlogin login_id [, password [, defaultdb [, defaultlanguage]]]

sp_droplogin login_id

1.

2.1

2.2

sp_adduser login_id [, username [, rolename]]

ALTER AUTHORIZATION

ON [ ::] entity_name

TO { SCHEMA OWNER | principal_name }

sp_dropuser username

kim

Database User

sp_addrolemember [ @rolename = ] role , [ @membername = ] security_account

sp_droprolemember [ @rolename = ] role , [ @membername = ] security_account

kim Roles db_accessadmin

kim Role db_accessadmin

Fixed Server Roles SQL Server

sp_addrole [ @rolename = ] role [ , [ @ownername = ] owner ]

sp_droprole [ @rolename = ] role

GRANT permission_list

ON object_name

TO name_list

REVOKE permission_list

ON object_name

FROM name_list
