Webcast : SQL Server Security for Developers
The goal of this presentation is to teach you what you need to know as a developer about security within SQL Server. We’ll look at using groups rather than individual logins for authentication and why it’s useful to assign permissions to roles instead of users. From there we’ll dive into permissions at the object level, starting with how to grant access to a table, allow execution of a stored procedure, and using a view to further restrict access when needed. This leads into the conversation about using all stored procedures, all dynamic SQL, or a hybrid (the most common) – the part most likely to generate heated discussion at the office! All of this in the context of building a security model that is easy for developers to work with, acceptable to DBA’s, and satisfactory to the auditors. Getting good security in place does take some effort, but once it’s there it’s easy to maintain.
Andy Warren is a SQL Server consultant and trainer based in Orlando, FL, with over 14 years of experience. Focusing on administration, security, and SQL Server patterns and practices, he’s been a SQL Server MVP since 2008. Andy served on the PASS Board of Directors, was a founding principal in SQLServerCentral, and created both the SQLSaturday and SQLRally event models.
Monitor, audit and alert on SQL Server changes
- Audit sensitive data to see who did what, when, where, and how
- Monitor and alert on suspicious activity to detect and track problems
- Satisfy audits for multiple industry regulatory requirements
- Select from over 25 pre-defined compliance reports and create custom views
- Lightweight data collection agent minimizes server impact