Problem solve Get help with specific problems with your technologies, process and projects.

Creating a SQL Server user authentication schema

Learn how to create a SQL Server user authentication schema having password and tracked data changes requirements and how it involves Windows authentication.

How can I generate a SQL Server user authentication/authorization schema (tables/keys/indexes) to support the following requirements:

  1. A user is required to have a login name, first name, last name, and password.
  2. A user password will expire in 90 days.
  3. A user account will be locked after five failed attempts in five minutes.
  4. A locked account will automatically be unlocked 20 minutes after last failed login attempt.
  5. A user can change their password but it cannot be the same as any of the last 10 passwords used.
  6. All data changes have to be tracked and attributable to the person making the changes.
If you are using SQL Server authentication, you will have to put source code in your application to account for "1" and "2". Since SQL Server will be doing the authentication, you won't be able to perform "3" through "6". If you choose to use Windows authentication – more secure with some tradeoffs – you'll be able to set the password complexity and lockout options with a Group Policy Object or Local Security Policy.

Dig Deeper on SQL Server Security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.