MSSQL Server 2000 security and management

xiaoxiao, 2021-03-06

In plain terms, a database is a repository that stores information with certain characteristics. Typically, we divide the users of a database system into four categories: database designers, database managers, application designers and general users. Among them, the database managers are responsible for managing and maintaining accounts and for determining the permissions of all database users. Database security management can be said to be the most important task of database managers. SQL Server is Microsoft's enterprise database, a powerful, easy-to-use database that is directly integrated with Windows NT / 2000 user accounts.

So what is security management? In short, security management means managing the people who need to log in to the server. In applications, we set data operation permissions for the various kinds of database users; usually the accounts and passwords are handled directly in the application, but this approach requires writing code to enforce the control. SQL Server has a friendly, easy-to-operate graphical interface through which access rights to SQL Server can be managed easily.

SQL Server security management can be divided into 3 levels: management of login accounts, management of and access to specific databases, and the user's operation permissions on the connected database. Each of these three levels is described in detail below.

First, any user who needs to access SQL Server must have an account and password approved by the server. SQL Server supports two ways of logging in: Windows authentication and SQL Server authentication. The former establishes in SQL Server a login account that corresponds to a Windows NT / 2000 account, so that a user who has logged in to Windows NT / 2000 is mapped to that login and can connect to SQL Server smoothly. This completes the integration with the Windows NT / 2000 security management mechanism.

Next, the database manager registers the Windows NT account in SQL Server, and can directly add a Windows NT group to SQL Server as a login account.

After the above operation, the Windows NT members of the group can connect to SQL Server. If a particular member of the group should not be allowed to log in to SQL Server, set that member's personal account to deny access in SQL Server. If you install SQL Server on Windows 95, Windows 98 or Windows ME, you cannot use Windows authentication.

If you use SQL Server authentication, you must establish a login account name and password for users to connect to SQL Server. These accounts and passwords are independent of the Windows NT / 2000 accounts.

Second, management of and access to a specific database

After a login account is established, the user can connect to SQL Server, but this does not mean the user has the authority to connect to a specific SQL Server database; the operation permissions of the user or group in SQL Server must still be set. Operation permissions can be divided into operation permissions on the server itself and access rights to databases. Operation permissions on SQL Server are set through server roles, while database access rights are set through database roles and through the user's access to individual tables. So, what is the difference between server roles and database roles?

1. Server roles

SQL Server has 8 built-in server roles (you can think of a role as a group in a Windows NT account), which cannot be changed or added to. When a server role is assigned to a user or group, that user or group has the permissions owned by the server role. Server roles classify the administration of SQL Server itself, such as establishing accounts and backing up databases; they differ from database roles, which govern operation permissions on individual databases.

We simply list the permissions owned by the eight server roles. System Administrators can perform any action. Security Administrators manage login accounts. Server Administrators set the parameters of SQL Server. Setup Administrators manage replication settings and extended stored procedures. Process Administrators manage all processes running in SQL Server. Disk Administrators manage database files. Database Administrators create databases and change database properties. Bulk Insert Administrators manage the execution of BULK INSERT operations.

2. Database roles

SQL Server has 10 built-in database roles, which cannot be changed or deleted, but additional roles can be added to individual databases. If a user holds the database owner permission among the built-in roles, the user has full control of the database. For detailed permissions of the remaining roles, refer to SQL Server BOL (SQL Server Books Online): query the keyword Roles and open the topic titled Roles, which contains a full description of the built-in server roles and database roles, so they are not described here. Note that once a user has been assigned several roles (each user or group can hold multiple roles), the user holds the permissions of all of those roles; but if any one of those roles is denied an operation (such as the SELECT right on a table), the user loses that permission. In other words, a denied permission takes precedence over a granted permission.

Third, access rights to objects in the database

For administering SQL Server and the permissions on a specific database, the server roles and database roles provided by SQL Server can basically meet most needs. In addition, you can set individual access rights for a user or group. These individual access rights are SELECT, INSERT, UPDATE, DELETE, EXEC, and DRI, where EXEC and DRI denote, respectively, the permission to execute stored procedures and the permission to validate table integrity. Direct permission settings can also target special users (for example, when the built-in database roles cannot meet the requirement). Of course, if several users share the same permissions, you can add a database role that meets the requirements, or first put these users into a group in Windows NT / 2000 and then set permissions on the group, which is more convenient to manage and maintain.
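The three levels described above, walked through in Transact-SQL with the SQL Server 2000 system stored procedures. This is an added example, not code from the original article; the Windows accounts CORP\SalesStaff, CORP\jdoe and CORP\DbOps, the login report_app, the database SalesDemo and the table dbo.Orders are hypothetical, and the Windows accounts are assumed to exist already.

```sql
-- Added illustration; every account, database and table name is hypothetical.
-- Run as a member of the sysadmin server role on SQL Server 2000.
CREATE DATABASE SalesDemo
GO

-- Level 1: login accounts
EXEC sp_grantlogin 'CORP\SalesStaff'        -- Windows authentication: whole NT group may connect
EXEC sp_denylogin  'CORP\jdoe'              -- one member of that group is refused
EXEC sp_addlogin   'report_app', '<placeholder-strong-password>', 'SalesDemo'  -- SQL Server authentication
EXEC sp_grantlogin 'CORP\DbOps'
EXEC sp_addsrvrolemember 'CORP\DbOps', 'securityadmin'   -- server role: manages logins only
GO

-- Level 2: access to a specific database
USE SalesDemo
GO
CREATE TABLE dbo.Orders (OrderID int PRIMARY KEY, Amount money)
EXEC sp_grantdbaccess 'CORP\SalesStaff', 'SalesStaff'    -- map the login to a database user
EXEC sp_grantdbaccess 'report_app'
EXEC sp_addrolemember 'db_datareader', 'SalesStaff'      -- built-in database role
EXEC sp_addrole 'order_entry'                            -- role added to this database
EXEC sp_addrolemember 'order_entry', 'SalesStaff'
GO

-- Level 3: permissions on individual objects
GRANT SELECT ON dbo.Orders TO report_app
GRANT INSERT, UPDATE ON dbo.Orders TO order_entry
GRANT REFERENCES ON dbo.Orders TO order_entry            -- the DRI permission

-- Deny takes precedence: SalesStaff can read every table through
-- db_datareader, yet loses SELECT on dbo.Orders because order_entry,
-- another role it belongs to, is denied that operation.
DENY SELECT ON dbo.Orders TO order_entry
GO

-- Review what is now granted and denied on the table.
EXEC sp_helprotect 'Orders'
GO
```

In the sp_helprotect output, the ProtectType column separates Grant rows from Deny rows, which makes a deny that overrides a role grant easy to spot during a permission review.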

In addition to the above, the author offers the following suggestions for database security.

1. Unless there is a need to do otherwise, manage the users who can connect to SQL Server through Windows authentication, so as to integrate with the security mechanism of Windows NT / 2000.

2. Make good use of SQL Server's server roles and database roles.

3. Make good use of SQL Server's encryption.

SQL Server provides encryption capabilities for login accounts, network transmission, views, and stored procedures. Account passwords are encrypted by default, and data transmitted over the network can be encrypted with SSL. To enable this, you must turn on Net-Library encryption, used in conjunction with the Windows 2000 CA function, and complete the settings on both the server side and the client side, so that both sides encrypt the information before transmitting it. The definitions of views and stored procedures are stored in coded form in the system tables; to encrypt them, set the encryption option in Enterprise Manager when they are created, or use an ALTER statement.

4. After the system is installed, be sure to change the default sa password, so that other users do not "volunteer" to manage your SQL Server for you.
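Suggestions 3 and 4 as a Transact-SQL script for SQL Server 2000, followed by queries that check the result. This is an added example, not code from the original article; the database EncDemo and the objects dbo.Orders, dbo.v_OrderTotals and dbo.usp_GetOrder are hypothetical, and the password is a placeholder.

```sql
-- Added illustration; database, object names and password are hypothetical.
-- Suggestion 4: replace the default sa password (run as a sysadmin member,
-- which is allowed to pass NULL as the old password).
EXEC sp_password NULL, '<placeholder-strong-sa-password>', 'sa'
GO

CREATE DATABASE EncDemo
GO
USE EncDemo
GO
CREATE TABLE dbo.Orders (OrderID int PRIMARY KEY, Amount money)
GO

-- Suggestion 3: encrypt the stored definitions of a view and a procedure.
-- Keep the source script elsewhere: the text can no longer be read back
-- with sp_helptext once the object is created WITH ENCRYPTION.
CREATE VIEW dbo.v_OrderTotals WITH ENCRYPTION
AS SELECT OrderID, Amount FROM dbo.Orders
GO
CREATE PROCEDURE dbo.usp_GetOrder @OrderID int WITH ENCRYPTION
AS SELECT OrderID, Amount FROM dbo.Orders WHERE OrderID = @OrderID
GO

-- Check 1: user views and procedures whose definition is still unencrypted.
SELECT o.name, o.xtype
FROM sysobjects o
JOIN syscomments c ON c.id = o.id
WHERE o.xtype IN ('V', 'P')
  AND c.colid = 1
  AND c.encrypted = 0
  AND OBJECTPROPERTY(o.id, 'IsMSShipped') = 0

-- Check 2: who holds the System Administrators role.
SELECT name, isntname, isntgroup
FROM master.dbo.syslogins
WHERE sysadmin = 1

-- Check 3: SQL Server authentication logins that still have a blank password.
SELECT name
FROM master.dbo.syslogins
WHERE isntname = 0 AND password IS NULL
GO
```

Checks 1 and 3 should return no rows for the objects and logins in this example; any row from check 3 on a real server is a login to fix before anything else.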

When reposting, please cite the original address: https://www.9cbs.com/read-41258.html
