Roles - What level do these belong at in SQL 2008?

  • Hello All,

    As I don't have much background in the security side of SQL Server, I need some guidance on setting up security for a small company with perhaps 10 to 15 users max. I plan to use an AD global group to control who's in which role, but there are two levels for roles - database level and server level. As they only have one server, this may be moot for now, but years down the road, long after my role here is done, I'd like to know that what I implement now will at least be easy to modify to meet new goals, or even be easily extendable into future environments. Any guidance here will be most helpful.

    Thanks!

    Steve

    (aka sgmunson)

    :-):-):-)


  • sgmunson (3/10/2011)


    As I don't have much background in the security side of SQL Server, I need some guidance on setting up security for a small company with perhaps 10 to 15 users max. I plan to use an AD global group to control who's in which role, but there are two levels for roles - database level and server level. As they only have one server, this may be moot for now, but years down the road, long after my role here is done, I'd like to know that what I implement now will at least be easy to modify to meet new goals, or even be easily extendable into future environments. Any guidance here will be most helpful.

    I get the general scenario but there is no specific question so a short and to-the-point answer is not really possible.

    My suggestion is to start by checking Microsoft documentation on the particular matter, here... http://www.microsoft.com/sqlserver/2008/en/us/Security.aspx

    ...then come back with specific questions if needed.

    Hope this helps.

    _____________________________________
    Pablo (Paul) Berzukov

    Author of Understanding Database Administration available at Amazon and other bookstores.

    Disclaimer: Advice is provided to the best of my knowledge but no implicit or explicit warranties are provided. Since the advisor explicitly encourages testing any and all suggestions on a test non-production environment, the advisor should not be held liable or responsible for any actions taken based on the given advice.

  • With slightly more info from the company, I'm going to let the AD group go by the wayside, as that's just one more thing for them to maintain, and future mods are likely to come from a source similar to me, where they'll both see the database role I created, as well as have the customer be aware of it and its use. I was primarily looking for some level of guidance as to which level to place the role at, and my own investigations of things suggested the database level, but with little else in the way of guidance, I was hoping for some validation or repudiation without the chance for a prejudicial choice, or at least some guidance in general on the use of roles - the whys and why nots, perhaps... some alternatives... Does that help clarify?

    I've created the logins at the server level and the role at the database level and made those users members of the role. Hopefully, that will be adequate, as the company doesn't have full time IT staff, so a group is a maintenance item that for now is better off left out of the picture, but could probably be easily added years down the line when it may become more important.

    Steve

    (aka sgmunson)

    :-):-):-)
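
The layout described in the post above (logins at the server level, one role at the database level, users as role members), written out as an added example that is not code from the thread. It assumes Windows-authenticated logins, which the thread does not specify, and every name in it (CONTOSO, alice, bob, SalesDb, SalesDbUsers, app_users) is hypothetical.

```sql
-- Added example; all names (CONTOSO, alice, bob, SalesDb, app_users) are hypothetical.
-- Assumes Windows-authenticated logins; uses SQL Server 2008 syntax.

-- 1. Server level: logins only authenticate. No server role membership is granted.
USE master;
CREATE LOGIN [CONTOSO\alice] FROM WINDOWS;
CREATE LOGIN [CONTOSO\bob]   FROM WINDOWS;
GO

-- 2. Database level: map each login to a user, create the role,
--    and attach permissions to the role only, never to individual users.
USE SalesDb;
CREATE USER [CONTOSO\alice] FOR LOGIN [CONTOSO\alice];
CREATE USER [CONTOSO\bob]   FOR LOGIN [CONTOSO\bob];
CREATE ROLE app_users;
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON SCHEMA::dbo TO app_users;
GO

-- 3. Membership. SQL Server 2008 uses sp_addrolemember
--    (ALTER ROLE ... ADD MEMBER arrived in SQL Server 2012).
EXEC sp_addrolemember N'app_users', N'CONTOSO\alice';
EXEC sp_addrolemember N'app_users', N'CONTOSO\bob';
GO

-- 4. Audit: who is in the role, and what the role is allowed to do.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name = N'app_users';

SELECT p.class_desc, p.permission_name, p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals AS r ON r.principal_id = p.grantee_principal_id
WHERE r.name = N'app_users';
GO

-- 5. Later switch to an AD group: only membership changes, the grants stay put.
-- CREATE LOGIN [CONTOSO\SalesDbUsers] FROM WINDOWS;
-- CREATE USER  [CONTOSO\SalesDbUsers] FOR LOGIN [CONTOSO\SalesDbUsers];
-- EXEC sp_addrolemember  N'app_users', N'CONTOSO\SalesDbUsers';
-- EXEC sp_droprolemember N'app_users', N'CONTOSO\alice';
```

Because every grant targets the role, the two audit queries in step 4 are enough to review the whole access model for the database.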

