Security Principle questions

  • Hello all 🙂

    So my security knowledge is less than I would like it to be and I have a few questions in my endeavor to learn more.

    On SQL Server Security Principles I am having a difficult time wrapping my head around this.

    For instance, if I created a SQL Server Login 'Test' that was part of the Public role, shouldn't I not be able to modify server properties when logged into this role?

    Also, are there any good sites for Security in SQL Server in general? I find this is my greatest weakness.

    Link to my blog http://notyelf.com/

  • To get started quickly use this:

    http://www.sqlservercentral.com/tags/Security

    On SSC pay particular attention to articles by Brian Kelley - an expert on SQL Server Security starting with:

    http://www.sqlservercentral.com/search/?cx=000517265726492607871%3Agqdiynsp-y0&cof=FORID%3A9&q=%22brian+Kelly%22&sa=Go#1051

    If everything seems to be going well, you have obviously overlooked something.

    Ron


  • All logins are a member of the public role. Therefore, being a member of that role doesn't give you any special rights.

    To have rights to control server properties, all properties, you either need to be a member of the sysadmin fixed server role or you need CONTROL SERVER granted explicitly to your login or a Windows group login that you belong to.

    K. Brian Kelley
    @kbriankelley

    Thanks to both, that helped, though I just figured out the problem:

    I was logged in through my Windows account, and even when I RDC'd into the server and changed my role down to just public, I could still change things. I realized after failing several times that my login was a part of the administrator role on the server itself. I didn't realize that the server security settings overrode the SQL Server security settings.

    So when adding logins to SQL Server, I need to be mindful of each user's security level on the server itself?

    Link to my blog http://notyelf.com/

  • Absolutely. And remember in the case of Windows users to consider what groups they are members of that are granted access to SQL Server. SQL Server security works like Windows file and share security. SQL Server will aggregate permissions and take the maximum set defined, unless there is an explicit DENY.

    K. Brian Kelley
    @kbriankelley
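
The checks discussed in this thread, as an added T-SQL example (not code from any of the posters): it lists which logins and Windows groups hold `sysadmin` or `CONTROL SERVER`, and shows through which group a Windows account reaches the instance. `CONTOSO\jdoe` is a placeholder account name; replace it with the account under review.

```sql
-- 1. Principals with full server control: sysadmin members plus any
--    explicit CONTROL SERVER entries (GRANT or DENY).
--    A Windows group here (for example BUILTIN\Administrators) means
--    every member of that group inherits the access.
SELECT p.name,
       p.type_desc,              -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
       N'sysadmin role' AS via,
       N'MEMBER'        AS state
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
UNION ALL
SELECT p.name,
       p.type_desc,
       sp.permission_name,
       sp.state_desc             -- GRANT, GRANT_WITH_GRANT_OPTION or DENY
FROM sys.server_permissions AS sp
JOIN sys.server_principals  AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.class_desc = N'SERVER'
  AND sp.permission_name = N'CONTROL SERVER'
ORDER BY via, name;

-- 2. For one Windows account, show every path (its own login and each
--    group login) that lets it into SQL Server, with the privilege
--    level (user or admin) each path carries.
--    CONTOSO\jdoe is a placeholder.
EXEC master.dbo.xp_logininfo @acctname = N'CONTOSO\jdoe', @option = 'all';

-- 3. Run while connected as the account being tested: the group tokens
--    SQL Server sees for this session and the resulting effective rights.
SELECT name, type, usage        -- usage: GRANT OR DENY / DENY ONLY
FROM sys.login_token;

SELECT IS_SRVROLEMEMBER('sysadmin')                    AS is_sysadmin,
       HAS_PERMS_BY_NAME(NULL, NULL, 'CONTROL SERVER') AS has_control_server;

-- Note: members of sysadmin bypass permission checks, so a DENY does
-- not restrict them; remove the role membership instead.
```

Query 1 needs a login that can see all server principals, such as a `sysadmin` member; a low-privileged login sees only its own metadata and the result looks cleaner than it is.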

  • Cool and thank you for all your help 🙂

    Link to my blog http://notyelf.com/
