Today's post is in regards a feature that was released with SQL Server 2012, it hasn't gotten the attention or used that it deserves even when it helps solving a lot of problems you face when upgrading or migrating the database servers and is Contained databases.
What is a Contained database?
A contained database is a database that is isolated from other databases and from the instance of SQL Server that hosts the database. A contained database basically includes all database settings and the metadata within itself thereby resulting in no configuration dependencies on the instance of the SQL Server Database Engine where the database is actually installed. Users will be able to connect to a contained database without authenticating a login at the Database Engine level. This feature really helps to isolate the database from the Database Engine thereby making it possible to easily move the database from one instance of SQL Server to another, this is incredibly useful when you have HA environments. The Contained databases feature is available at the instance level and is not enabled by default.
What type are available?
Contained database feature provides two containment modes:
None – By default each database has its mode set as NONE. This means there is no contained database feature being used.
Partial – With partially contained databases, we can define boundaries between databases and the server, so the metadata will exist inside the databases. It makes SQL Server databases more portable and less dependent on underlying hosts.
Advantages of contained databases :-
1. User authentication can be done at database level, so you only need to be sure to grant the users permissions in your database.
2. Have less dependency on instance than conventional databases. Objects & features of each database can be managed by them self, reduce workload of system database & SQL instance
3. Easier & Faster to migrate databases from one server to another. Errors related to missing users and orphan users are no longer an issue.
4. Contained database users can be Windows and SQL Server authentication users.
5. Contained database user can access only contained database objects. They cannot access system databases and cannot access server objects.
6. This is the preferred mode to be used with HADR (Always On)
7. Maintaining database settings in the database, instead of in the master database increase security & flexibility. Each database owner have more control over their database, without giving the database owner sysadmin permissions.
8. To close collation issues in contained database. New feature catalog collation introduced with contained database. Now database collation works for user objects & catalog collation works for system objects in database. Catalog collation will be same for all contained databases on all SQL instance, also this collation cannot be changed.
Disadvantages and Limitations of contained databases :-
1. A database owner has more control on contained database, User can create contained database users without the permission of a DBA that can lead to security issues & data theft threat
2. Contained databases cannot use replication, change data capture, change tracking, numbered procedures, schema-bound objects that depend on built-in functions with collation changes
3. Before changing containment settings at database level from NONE to PARTIAL , contained databases feature needs to be enabled at instance level, so make sure to enable it before releasing your server and database to production.
4. To connect to a contained database, you need to specify the database name in the default database option tab.
5. Temporary stored procedures are currently permitted. But can be removed from future versions of contained database.
6. Contained database user can access other databases on the Database Engine, if the other databases have enabled the guest account, which can be a security issue.
Changes cross versions:
This feature hasn't gotten any change since it got released with SQL 2012, mostly as the new versions have been focused in improving the performance, security and integrating Artificial Intelligence and Machine learning features, however, personally if you have environments where you need High Availability and every time that you failover your groups you need to resynch your users and principals, this might work for you, however, you will need to remove you database from your availability group if you want to enable this in your database, but we will be working with it in next week's post.
Thanks for reading!
Resources: