Quick Tutorial - Users and Permissions in SQL Server

Keil Jones
25 Feb 2017 10:54

Summary

TLDR: This video explains how to manage SQL Server permissions by creating users and then assigning and restricting their access. It begins with setting up a user in SQL Server Management Studio, assigning a login, and providing database access. The tutorial then covers table-level permissions, showing how to restrict users from viewing or altering specific tables. It also covers column-level permissions, demonstrating how to allow access to certain fields while denying access to others. Finally, the settings are tested by logging in as the user to verify that the permissions behave as intended.

Takeaways

  • 🔑 Permissions in SQL Server are used to control access to specific tables or data, allowing you to restrict or assign access based on the user.
  • 👤 To create a user in SQL Server Management Studio, navigate to the 'Security' area, select 'Logins,' and create a new login with a username and password.
  • 🔐 SQL Server authentication is often chosen when creating a new user, allowing for more flexible password management and authentication options.
  • 📂 After creating a user, you'll need to map them to a database and assign specific roles such as 'DB Owner' to grant them access.
  • 🚫 You can restrict access to specific tables for a user by navigating to the table's properties and using the permissions tab to deny access to that table.
  • 👁 Users can have access to some tables in a database while being restricted from others by adjusting the table-specific permissions.
  • 📄 It's also possible to restrict access to specific fields or columns in a table, allowing users to view only certain columns while hiding sensitive data.
  • 🔍 When restricting column-level access, you can select permissions for each column individually by using the 'Column Permissions' option in SQL Server.
  • 👨‍💻 Once the permissions are set, logging in as the user will allow you to test the access and verify that the restrictions or grants are working as intended.
  • 🛠 The process of managing users and permissions in SQL Server involves creating users, assigning database access, and customizing permissions at the table and column level.

Q & A

  • What is the purpose of assigning permissions in SQL Server?

    -Permissions in SQL Server control user access to specific tables, data, and other resources, allowing administrators to restrict or grant access to ensure data security and integrity.

  • Where do you create a new user in SQL Server Management Studio?

    -To create a new user in SQL Server Management Studio, you go to the 'Security' section, expand it, right-click on 'Logins,' and select 'New Login' to create a user.

  • What authentication method is recommended when creating a user in SQL Server?

    -It is recommended to use SQL Server Authentication when creating a user, where you assign a username and password for the login.

  • What is 'User Mapping' used for when creating a new user?

    -User Mapping allows you to grant a user access to specific databases within SQL Server, ensuring the user can only interact with the databases assigned to them.

  • How can you restrict a user's access to specific tables in a database?

    -To restrict access to specific tables, you go to the 'Properties' of a table, navigate to the 'Permissions' tab, search for the user, and deny the necessary permissions for that table.

  • What are 'Column Permissions' and how are they used?

    -'Column Permissions' allow you to restrict user access to specific fields (columns) within a table. You can grant or deny permissions for individual columns based on user needs.

  • How do you test whether the user permissions were correctly applied?

    -To test user permissions, you log in as the created user and attempt to access the restricted resources. If permissions were correctly set, the user will receive 'Permission Denied' errors for restricted tables or columns.

  • What does 'DB Owner' access provide to a user?

    -'DB Owner' access gives the user full control over the database, allowing them to manage everything from modifying data to changing the database structure.

  • What happens if a user tries to query a column they don't have permission to access?

    -If a user tries to query a column they don't have permission to access, they will receive an 'Access Denied' error, preventing them from viewing the restricted data.

  • Why is it important to enforce strong passwords in a production environment?

    -In a production environment, enforcing strong passwords is critical for maintaining database security and preventing unauthorized access to sensitive data.

Outlines

00:00

🛠️ Understanding SQL Server Permissions

In this paragraph, the speaker introduces the concept of permissions in SQL Server. Permissions are important for controlling access to data, such as preventing users from viewing or altering specific tables. The speaker explains that the goal is to set up user accounts and restrict permissions, with a demonstration on how to create a user account in SQL Server Management Studio. The process involves navigating to the 'Security' area, selecting 'Logins,' and setting up the user with SQL Server authentication, assigning a simple password, and configuring basic access to databases.

05:02

🔒 Assigning and Restricting Table Permissions

The speaker demonstrates how to assign specific permissions to a user, using an example of limiting a user’s access to particular tables in a database. They walk through how to deny access to certain tables after a user is created, explaining the steps involved: right-clicking on the table, selecting 'Properties,' navigating to the 'Permissions' tab, searching for the user, and setting specific permissions for the tables. In this case, the user 'Bobby' is used as an example, and permissions are restricted so that Bobby cannot access certain tables.

10:03

📊 Restricting Column-Level Permissions

This paragraph focuses on restricting permissions at the column level within a table. The speaker describes a scenario where a user, like Bobby, is allowed to view some fields but is restricted from seeing others, such as sensitive information like a Social Security Number. The process involves assigning 'Select' permissions for specific columns, where some fields are granted access and others are denied. The detailed steps include using 'Column Permissions' and setting grants and denies for particular fields, ensuring Bobby can only see the authorized data.
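
The three steps outlined above (login and user mapping, table-level deny, column-level grant and deny) map onto the T-SQL below. This is an added example, not code shown in the video; DemoDb, dbo.Payroll, dbo.Employees and its column names are assumed placeholders, and the password is a placeholder. It goes one step beyond the video by testing through impersonation instead of a second login and by listing the recorded permissions.

```sql
-- Added example. DemoDb, dbo.Payroll, dbo.Employees and the column names
-- are hypothetical; the page names only the user Bobby.

-- 1. Security > Logins > New Login, with SQL Server authentication.
USE master;
GO
CREATE LOGIN Bobby
    WITH PASSWORD = N'<strong-password-placeholder>',
         CHECK_POLICY = ON,      -- the video unchecks the enforcement boxes
         CHECK_EXPIRATION = ON;  -- for the demo; production keeps them on
GO

-- 2. User Mapping: database user for the login, plus the role from the video.
USE DemoDb;
GO
CREATE USER Bobby FOR LOGIN Bobby;
ALTER ROLE db_owner ADD MEMBER Bobby;
GO

-- 3. Table Properties > Permissions > Deny (data-access permissions shown).
DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Payroll TO Bobby;

-- 4. Select > Column Permissions: grant two fields, deny the sensitive one.
GRANT SELECT ON OBJECT::dbo.Employees (FirstName, LastName) TO Bobby;
DENY  SELECT ON OBJECT::dbo.Employees (SSN) TO Bobby;
GO

-- 5. Test as the user without disconnecting: impersonate, probe, revert.
EXECUTE AS USER = N'Bobby';

SELECT
    HAS_PERMS_BY_NAME(N'dbo.Payroll', N'OBJECT', N'SELECT') AS payroll_select,
    HAS_PERMS_BY_NAME(N'dbo.Employees', N'OBJECT', N'SELECT',
                      N'FirstName', N'COLUMN')              AS firstname_select,
    HAS_PERMS_BY_NAME(N'dbo.Employees', N'OBJECT', N'SELECT',
                      N'SSN', N'COLUMN')                    AS ssn_select;

SELECT FirstName, LastName FROM dbo.Employees;       -- granted columns only
SELECT FirstName, LastName, SSN FROM dbo.Employees;  -- includes the denied column
SELECT * FROM dbo.Payroll;                           -- denied table

REVERT;
GO

-- 6. Audit what is recorded for the user at object and column level.
SELECT pr.name AS principal_name,
       pe.state_desc,
       pe.permission_name,
       OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id) AS securable,
       c.name AS column_name            -- NULL for table-level entries
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
     ON pr.principal_id = pe.grantee_principal_id
LEFT JOIN sys.columns AS c
     ON c.object_id = pe.major_id AND c.column_id = pe.minor_id
WHERE pe.class = 1                      -- object or column securables
  AND pr.name = N'Bobby'
ORDER BY securable, column_name;
```

Because the video's setup puts Bobby in db_owner, he holds CONTROL on the database and can revoke these DENY entries himself. The restrictions only hold firmly against a user mapped to a narrower role.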

Keywords

💡Permissions

Permissions in SQL Server control what actions a user can perform on a database. They can be used to restrict or grant access to certain tables, databases, or even specific columns. In the video, permissions are shown as a way to manage user capabilities, such as allowing or denying access to specific tables or fields within a database.

💡User

A user in SQL Server refers to a specific login or account that is granted access to perform operations on a database. In the video, the user ‘Bobby’ is created and given certain access permissions to a database. Users are critical in managing database security and assigning roles.

💡SQL Server Authentication

SQL Server Authentication is a method of securing user access to SQL Server by requiring a username and password. In the video, this method is chosen when creating a new login, using a simple password. It contrasts with Windows Authentication and is typically used in environments where SQL Server does not integrate with a Windows domain.

💡Database Owner (DB Owner)

DB Owner is a high-level role in SQL Server that grants the user full control over a specific database. In the video, the user is granted DB Owner permissions to certain databases, allowing them to manage and modify the databases entirely.

💡Table

A table in SQL Server is a collection of data organized in rows and columns. Permissions can be set to control who can access certain tables. In the video, specific permissions are assigned to prevent the user from viewing or altering certain tables, demonstrating how SQL Server restricts access on a table-by-table basis.

💡User Mapping

User Mapping in SQL Server assigns a user to specific databases and configures their role or level of access. In the video, user mapping is done to link the new user to databases and assign them the appropriate permissions such as DB Owner. This mapping defines what databases a user can interact with.

💡Column Permissions

Column permissions in SQL Server control a user’s ability to view or modify specific columns in a table. The video demonstrates how column permissions can be set to deny access to sensitive data like social security numbers while allowing access to other data in the same table.

💡Deny

Deny is a permission setting in SQL Server that explicitly prevents a user from performing a specific action. In the video, the 'deny' permission is applied to certain tables and columns to ensure that the user 'Bobby' cannot view or alter specific data, even though he has access to other parts of the database.

💡Select Permission

The Select permission allows a user to read or view data from a table or specific columns in SQL Server. In the video, this permission is granted to 'Bobby' for certain columns in a table while being denied for others. This shows how permissions can be fine-tuned to control what data is accessible.

💡Login

In SQL Server, a login is the account used to authenticate a user and grant them access to the server. The video starts with the creation of a login for a user, assigning a username and password. Logins can be linked to database users and given permissions to access various resources within SQL Server.

Highlights

Permissions in SQL Server help control access to tables, data, and other database elements.

Creating users in SQL Server involves expanding the 'Security' section and selecting 'Logins'.

SQL Server authentication is commonly used when setting up a new login.

To create a user, assign a name and password; the video unchecks the password enforcement boxes for simplicity, noting that a production environment might enforce them.

User mapping is necessary to grant access to specific databases after creating a user.

You can assign database roles like 'DB Owner' to users to manage access levels.

It’s possible to restrict access to specific tables, not just entire databases.

Permissions for specific tables can be adjusted through the properties of the table and the permissions tab.

Users can be restricted from viewing specific columns or fields within a table.

SQL Server permissions allow for very granular control, including denying access to certain fields but allowing access to others.

Testing the permissions after setting them up ensures the right users can only see the allowed tables or fields.

To deny table access for a user, you use the 'Permissions' tab in the table properties and select 'Deny'.

The process of assigning permissions to fields involves selecting 'Column Permissions' to specify which fields are visible.

When users attempt to access restricted tables or fields, they will receive a 'permission denied' error message.

Granular permissions allow SQL Server administrators to fine-tune user access down to individual fields, making it versatile for security control.

Transcripts

00:00 okay I want to talk about permissions in
00:03 SQL
00:04 Server permissions is a pretty complex
00:07 topic and I won't be able to get into
00:09 everything regarding it but I just want
00:10 to go over a few things a few principles
00:13 regarding
00:14 permissions so basically permissions can
00:17 be used to keep users from looking at
00:20 certain tables or or altering data in
00:23 certain tables things of that
00:25 nature so what I want to show you how to
00:27 do is set up some users and then assign
00:30 some or restrict some permissions for
00:33 them so first part is creating the user
00:37 so I got management Studio running
00:39 here um to create a user it's going to
00:43 be under this security area so usually
00:45 when we open management Studio we go
00:47 into databases and start looking there
00:49 but for the users we want to expand
00:53 security and they're actually called
00:55 logins so I'm going to to create a user
00:59 I'm going to right click on
01:00 logins and do new
01:05 login there's two or three things we
01:07 need to do here we need to give them a
01:09 name so I'm just going to do a simple
01:11 name here that'll be my
01:14 user more than likely we want to choose
01:17 SQL Server authentication so we want to
01:20 click this radio
01:23 button let's assign him a real simple
01:26 password I'm just going to do 1 two 3 4
01:33 and in the production environment we
01:34 might enforce these but just for
01:36 Simplicity sake let's uncheck these
01:40 boxes so I gave my name I chose this
01:44 gave a password and unchecked
01:47 that one more thing we need to do to
01:51 create this user is give them some kind
01:53 of permissions otherwise they'll be kind
01:55 of useless to have user to do that on
01:58 this dialogue
02:00 go to user mapping over
02:03 [Music]
02:05 here and then you would give them access
02:07 to a database so just to do this example
02:11 I'm going to give them access to a
02:12 couple databases
02:16 here and again we could get into some
02:20 more advanced uh principles here but
02:23 just for Simplicity sake I'm just going
02:25 to click the database and then give them
02:27 DB owner access
02:30 I'm going to give them access to this
02:32 database
02:35 also right so user mapping give them
02:39 some access to a database then you can
02:41 hit okay to create the
02:47 user that's the first step now the
02:50 second step
02:51 is assigning some specific permissions
02:54 or maybe restricting some so again for
02:57 this we're not going to get into detail
02:58 on everything but I want I want to show
03:00 you a couple examples one would be let's
03:03 say for this
03:04 user we only want that person to have
03:08 access to certain tables not all the
03:09 tables in those databases and the second
03:12 example I'll get to will be maybe even
03:15 restricting access on a specific field
03:18 or column but let's let's restrict the
03:21 users's access to a particular table so
03:24 we've created the user and I've given
03:27 them access to uh this database down
03:32 here but let's look in that
03:37 database I've got a couple tables in
03:40 this database so let's say for the sake
03:42 argument we wanted them to see this
03:45 table but not that table so the way to
03:48 do that right now they can see both
03:50 because I gave them access to this
03:52 database so if I want not to be able to
03:55 view this table I'm going to drill down
03:58 into the database find that table and
04:01 right click on it and go to
04:04 properties so this is still assigning
04:07 permissions we've created a user we've
04:08 given them some permissions but this is
04:10 assigning more specific
04:12 permissions so I right clicked here's
04:15 the property page for that
04:21 table and I'm going to click this
04:24 permissions tab over here on the
04:27 properties and ignore this user uh we're
04:30 going to do a different user and do some
04:32 stuff with that so in your when you do
04:34 this you may not have any users here
04:36 that's fine so I clicked
04:39 permissions and what you want to do is
04:43 for the users do this search and find
04:46 that user and sort of add them and then
04:47 you can assign
04:50 permissions so I'm going to click uh
04:53 this search button here
04:59 yeah and the easiest thing to do from
05:01 this dialogue is to hit
05:05 browse and your user should show up if
05:08 he has access to this database so let's
05:10 select Bobby hit
05:13 okay and hit okay on
05:19 this what I want to do again for this
05:22 table I don't want this person to have
05:24 permissions so what we're actually doing
05:26 here is sort of withdrawing the
05:29 permissions to to this particular table
05:30 so I'm going to click on Bobby and I'm
05:33 going to check deny in all these
05:44 boxes and then hit
05:47 okay so we'll test this in a minute but
05:50 now if we were to log in as Bobby he
05:52 should still be able to see this table
05:54 but he shouldn't be able to see this one
05:56 or view the data in it based on those
05:58 permissions we just assign and sort of
06:03 withdrew second example I want to show
06:05 you which
06:06 is could be pretty useful is
06:09 restricting a user or a group of users
06:12 permission to a particular field so
06:14 maybe we're allow to see a table but we
06:19 don't want to allow them to see a
06:20 specific
06:22 field in that table just all the other
06:25 fields so I'm going to show you how to
06:26 do that once again it'll be done similar
06:29 what we just did so I'm going to go into
06:31 this database and find the
06:35 tables and for the sake argument I'm
06:38 going to say I want the user to be able
06:39 to
06:40 see uh a couple of the fields in this
06:43 table but not a specific one like a so
06:45 Security
06:46 number so once again right click on the
06:50 table go to
06:53 properties pretty much the same thing we
06:55 just did but uh there'll be one
06:57 important difference so I'm going to
06:59 click print
07:01 permissions search for
07:04 Bobby so hit browse
07:07 here check that box hit
07:16 Okay so this time
07:19 around what I'm going to do is I'm going
07:21 to assign a select permission which
07:24 basically means Bobby can select or view
07:28 the data in the table
07:32 so the way the way to do this click on
07:35 select down here and when we do this
07:38 this button becomes usable so notice it
07:42 might be grayed out but if I click
07:44 select here now we're going to actually
07:48 assign some pretty specific permissions
07:50 so I'm going to click this column
07:53 permissions and I'm going to say Grant
07:56 on these two
07:57 Fields but not on this one so I'm going
08:00 to say deny on this one all right so I
08:03 checked grant for the fields I want
08:05 Bobby to be able to see review and deny
08:08 on the ones that I don't want them so
08:10 they could be two or three Fields each
08:12 depending on what table and Fields you
08:14 have hit okay on
08:18 that and that's it just hit okay on this
08:21 as
08:23 well so that's it really what I've just
08:26 shown you is creating a user
08:29 um assigning some permissions to the
08:31 user and then restricting some
08:34 permissions for particular tables or for
08:38 particular fields or columns in a
08:41 table but just so you see how this works
08:43 so feel free to look back at that let's
08:46 just see how this works we just show you
08:49 what happens if we log in as
08:51 Bob hit disconnect here
08:59 and I'm going to log back in as
09:02 Bobby just so we can test this
09:08 out and see if his permissions uh got
09:11 taken away or if he can see certain
09:13 things and not other
09:17 things so let's test that first one
09:20 first let's go in and see if he can look
09:22 at one of those tables but not the
09:28 other so if he clicks on this table and
09:31 tries to look at
09:35 it notice gives a permission denied
09:40 error so basically they that person that
09:43 particular user can't view that table
09:45 but notice he should be able to still
09:47 see this
09:49 one right so we've assigned some
09:52 permissions to restrict certain stuff in
09:54 our database let's try that other one
09:56 other one out just so you can see how it
09:58 works
10:00 so let me go into this T
10:03 database and run a quick
10:10 query just for the sake of speed I'm
10:12 just going to let the
10:15 the thing create the query for me and
10:18 then I'll modify it a little
10:23 bit so right now it's trying to look in
10:26 that table at all three fields and it's
10:29 getting and access denied so what I'm
10:31 going to do is modify this to say okay
10:35 since this is Bobby maybe he is just
10:38 going to be able to see these two Fields
10:39 but not that third one so let's try this
10:42 and notice now for this particular user
10:46 they can see certain Fields but not
10:47 others based on the restri uh
10:50 permissions that we applied
