Presentation Materials: Permission Management – 12 Pitfalls & Misconceptions

2014-03-26 - Presentations

Abstract

SQL Server comes with a powerful built-in permission management system. However, as most powerful tools, this one too can be difficult to use and get right.

This is a two-part session. During the first part, we will go through a review of SQL Server security terms and concepts, particularly the GRANT, REVOKE and DENY statements. For the second part, the audience selects topics that we will cover in detail. You will be able to choose from 12 different security pitfalls and misconceptions. All these pitfalls/misconceptions have one thing in common: If you are not aware of them, you might GRANT or DENY more permissions than you intended.

Prerequisites

To get the most out of this 200 level session, you should feel comfortable writing simple queries and creating basic tables and procedures.

Materials

The following is a list of posts about the Pitfalls & Misconceptions:

ALL PRIVILEGES – The Misleading Permissions Shortcut

Is Granting on All Columns Really the Same as Granting on the Table Itself?

DENY vs. REVOKE – Part 1 – Are they just synonyms?

Debunking Symmetric Key Recreate-Ability

Security Pitfalls – Revoking Column Permissions

REVOKE CASCADE does not work on CONTROL permission

DENY CASCADE does not CASCADE the DENY

Security Pitfalls – Column Level GRANT overrides Table Level DENY

The Unexpected Side Effect of DENY CONTROL

The Unexpected Security Implications for Role Owners

CONTROL SERVER vs. sysadmin – Differences when Creating a Schema

An implicit user creation has failed.

The Ownership Chaining Quandary or How to Circumvent an Explicit DENY

OPEN SYMMETRIC KEY – Avoid the NULL Ciphertext Trap

Categories: Presentations

5 Responses to Presentation Materials: Permission Management – 12 Pitfalls & Misconceptions

  1. Pingback: 2014-08-18 - Security Management - 12 Pitfalls & Misconceptions - NJ SQL Server User Group - sqlity.net

  2. Pingback: 2014-08-19 - Security Management - 12 Pitfalls & Misconceptions - NJ SQL Server User Group - sqlity.net

  3. Pingback: 2014-09-27 - Permission Management - 12 Pitfalls & Misconceptions – SQL Saturday #318 - Orlando - sqlity.net

  4. Pingback: 2014-11-01 - Permission Management - 12 Pitfalls & Misconceptions – SQL Saturday #337 - Oregon - sqlity.net

  5. Pingback: 2014-11-05 - Permission Management - 12 Pitfalls & Misconceptions – PASS Summit 2014 - sqlity.net

Leave a Reply

We know how to make a database fast. We’ll help you do the same.

832-377-5489
Ask for our friendly assistance

From the sqlity.net blog

Read more posts »