― by Ginger Keys
Installing SQL following best practices is an important first step in securing your SQL server. The next step in securing your SQL server is to decide who can access the SQL instance, what databases and other objects they need access to, and what kind of permission to give them to those objects. So what is involved in securing access to your SQL server? We will go over the basic components, and discuss best practices to help keep your server secure.
There are three main areas of security within your SQL server instance.Principals these are the persons or entities needing to access your SQL server. Securables these are the databases, objects, and other resources in your SQL server instance. Permissions these determine which resources a principal can access and what actions they are allowed to perform.
There are also some other important areas to consider in controlling access to your SQL server:Schemas and Ownership SQL server service accounts Administrative accounts
Principals are persons, applications, and entities that can be authenticated to access the SQL server resources. In SQL server, principals include logins, users, and roles.
LOGINS Principals require a login in order to connect to the SQL server. Logins are at the server level only, and provide for the entry point, or the initial connection to the server. Logins are validated against the master database and the connection is to the instance, not the databases or other components. SQL supports two methods for authenticating logins: windows and SQL authentication. Mixed mode authentication allows for the use of either Windows or SQL logins.
Windowslogins can include individual users, groups, domains accounts, or local accounts. Group accounts are granted login access to all logins that are members of the group. SQL relies on Windows to authenticate these accounts.
SQLlogins are specific to the instance, and are stored in SQL, with the username and hash of the password in the master database. SQL uses internal authentication to validate login attempts. This type of login may be necessary for users not associated with a Windows domain.
Best Practices for Logins:Use Windows authentication whenever possible create Windows groups in Active Directory set with appropriate access/permissions to the SQL server, then add individual users to the appropriate groups Do not use SQL authentication for logins if possible when SQL Server logins are used, SQL Server login names and passwords are passed across the network, which makes them less secure Audit SQL Server failed login attempts to monitor for possible hacking activity
USERS Once logged in to a SQL instance, a user account is necessary in order to connect to a database and its components. Users are created within a database, and mapped back to the server login.
User accounts that are not mapped to a login account are known as orphaned users. An exception is contained database users; they do not need to map to a login.
Guest user this account is a built-in account in SQL server, and is disabled in new databases by default. The guest user allows a login to access databases without being mapped to a specific database user, and it inherits the ‘public’ database role with its permissions.
dbo user this account has implied permissions to perform all activities in the database. Any principals belonging to the sysadmin fixed server role are mapped to the dbo user account automatically. The dbo user is in every database and is a member of the db_owner database role.
Best Practices for Users:Disable the guest user in every user database (not system DBs) If you must use the guest account, grant it minimum permissions
ROLES Roles exists at both the server and database level. Permissions can be assigned to a role which makes it more efficient to manage principals’ access to securables. Permissions are given to roles, then logins and users can be added to (or removed from) roles.
Server roles server level roles can be fixed or user defined. Members of server roles have permissions to sever-level securables, and cannot be changed or revoked. Logins can be assigned to fixed server roles without having a user account in a database.
For complete list and description of server roles click here https://msdn.microsoft.com/en-us/library/ms188659.aspx
Database roles These roles have a pre-defined set of permissions. Logins must be mapped to database user accounts in order to work with database objects. Database users can then be added to database roles, inheriting any permission sets associated with those roles.
For complete list and description of database roles click here https://msdn.microsoft.com/library/ms189121.aspx
Public role The public role is contained in every database including system databases. It cannot be dropped and you can’t add or remove users from it. Permissions granted to the public role are inherited by all users because they belong to the public role by default.
Best Practices for Roles:Be very cautious when adding users to fixed server roles : Do not add principals to the sysadmin role unless they are highly trusted. Membership in the securityadmin role allows principals to control server permissions, and should be treated with the same caution as the sysadmin role. Be very cautious in adding members to the bulkadmin role. This role can insert data from any local file into a table, which could put your data at risk. For more information click here https://msdn.microsoft.com/library/ms188659.aspx Grant public role only the permissions you want all users to have, and revoke unnecessary privileges.
SQL Server securables are the resources that can be accessed by a principal. SQL server resources operate within a hierarchy, with the server at the top of the hierarchy. Below the server instance lies the databases, and below the databases are a collection of objects (schemas, tables, views, etc.). Access to securables is controlled by granting or denying permissions to principals, or by adding or removing principals (logins and users) to roles which have access. All securables have an owner. The owner of a securable has absolute control over the securable and cannot be denied any privilege. Server level securables are owned by server principals (logins), and database level securables are owned by database principals (users).
Permissions :Permissions determine the type of access granted on a securable to a specific principal and what tasks a princ