Reorganize permissions in SQL Server 2005 step by step

Permissions? Help! How do I start handling SQL Server permissions? This article focuses on ways to tackle that type of situation by reorganizing how permissions are set in SQL Server 2005.

The main goal:
The goal when modifying the security model in your database servers is to give the least permissions as possible. That way, users can view and/or modify only the data they are in charge of. Most hackers come from within the organization, however, and users that had more permissions than they needed and used them for different activities might be annoyed by the fact that the permissions were removed.

For instance, imagine the frustration of a developer who once could make changes directly in production and now has to get the DBA's approval to accomplish the same task. Like any other type of profound modification, it might take time for others to adjust to the new rules and sometimes you'll face opposition from different groups in the organization.

When is the best time to start?
In my opinion, the best time to begin reorganizing permissions is when you are planning a SQL Server consolidation or upgrade. When consolidating or upgrading databases, a testing phase is recommended and permissions can be modified and tested as part of that

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SQL Server Security The keys to database backup protection for SQL Server Understanding transparent data encryption in SQL Server 2008 The fine line between not encrypting your databases and breach notification Securing SQL Server with access control, login monitoring and DDL triggers SQL Server security: Controlling access via database roles Implementing security audit in SQL Server 2008 New security features in SQL Server 2008 leave some work for you Can I encrypt and restore a database backup in SQL Server 2005? FAQ: How to troubleshoot and grant SQL Server permissions Secure SQL Server from SQL injection attacks Microsoft SQL Server 2005 (Yukon) SQL Server Reporting Services Fast Guide SQL Server Service Broker Tutorial and Reference Guide Tips for tuning SQL Server 2005 to improve reporting performance SQL Server consolidation: Why it's an optimization technique Parent-child dimensions in SQL Server 2005 with Analysis Services MDX Enforcing data integrity in a SQL Server database SSIS error message due to installation problem on SQL Server 2005 Should you upgrade to SQL Server 2005 or SQL Server 2008? Basics for working with DATETIME and SMALLDATETIME in SQL Server 2005 How to configure Database Mail in SQL Server 2005 to send mail Microsoft SQL Server 2005 (Yukon) Research SQL Server Management A first look at Microsoft SQL Server 2008 R2 Maintaining high availability of SQL Server virtual machines Creating fault-tolerant SQL Server installations Using Microsoft Hyper-V for SQL Server consolidation Scaling up vs. scaling out with SQL Server 2008 Migrating to SQL Server 2008 and leveraging new features Testing a SQL Server environment before an upgrade Does upgrading to SQL Server 2008 fit your business? Meeting business needs with SQL Server full-text search Using dynamic management views to improve SQL Server index effectiveness

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary data corruption  (SearchSQLServer.com) data hiding  (SearchSQLServer.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

process.

Step 1 -- Information gathering:
To establish the best plan, follow these steps:

Step 2 -- Planning:
When planning permission enhancements in your system, it is very important to use a step-by-step approach. If you attempt to use a general tactic, it's easy to fail because you may have to deal with diverse applications and/or databases differently. When you're in the planning stage, consider the following:

Step 3 -- Testing:
Like every other modification done in a database, after changes to permissions in the server/database are made, the application should be tested and approved by the development team and users. This is an important step in order to make sure the application did not break when changed.

Step 4 -- Applying:
Once the modifications are approved, they can be applied in the different environments.

Step 5 -- Maintenance:
You should have a maintenance plan in place for the new permissions -- either a third-party tool, an in-house developed tool or even manual instructions if sufficient for your environment. The goal is to not lose the momentum of an "organized" environment, security viewpoint, but to continue maintaining it according to the standards.

Conclusion:
There are no rules-of-thumb for reorganizing permissions and the security model of an environment. Devise the best plan for your specific environment depending on the applications, database types and requirements. A step-by-step approach is recommended as well as a testing environment to ensure that the reorganization is not affecting the application. Lastly, have security maintenance standards and tools for keeping a properly maintained security model.

[TABLE]

Rate this Tip To rate tips, you must be a member of SearchSQLServer.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.