What do you need to know to work with SQL Server security properly? In this talk, we'll look at the must knows. We will start with how a person or application connects to SQL Server and the types of authentication SQL Server provides. We will then look at the hierarchical security model SQL Server implements and how this flows down from server all the way down to tables, views, and stored procedures. Afterwards, we will discuss particular security roles which allows access without explicit permissions. Finally, we will look at ownership chaining and how that can also allow a user access to an object because of a reference from a different object.
K. Brian Kelley is an author, columnist, Certified Information Systems Auditor (CISA), and former Microsoft Data Platform (SQL Server) MVP (2009-2016) focusing primarily on SQL Server and Windows security. In addition to being a database administrator, he has served as an infrastructure and security architect encompassing solutions with Citrix, virtualization, and Active Directory. Brian is also a Certified Information Systems Auditor (CISA) and has been the head of a financial organization’s computer incident response team. Brian is active in the IT community having spoken at DevConnections, SQL Saturdays, code camps, and user groups.
Topics: Database Security, Database Compliance Products: SQL Secure, SQL Compliance Manager, SQL Management Suite