However, the biggest advantage of using the role is the effectiveness of the management process. Imagine that, if 1000 employees need to view or edit their personal data as soon as possible, then the system administrator only selects the available Windows Group, and then assigns it. Entire access to the corresponding SQL Server role - instead of having to manually edit 1000 accounts in turn manually. To better understand this situation, the Windows Group contains all user accounts with corresponding access to the network on Windows, and the SQL Server roles will depend entirely on the relevant components. Therefore, we only need to assign the demand according to the database of SQL Server and the corresponding account on Windows.
Server roles are usually monitored and managed by Database Administrator - DBA and are applied to the entire server, not just for each individual component. By default, these roles are set to public for all accounts, and all accounts after adding to SQL Server will automatically be assigned a public role.
Creating a database is for administrators only, but you need to keep in mind some of the following general rules when creating tables:
- db_owner: all users have full - access rights
- db_accessadmin: user has the right to manage the Windows Group and login SQL Server account
- db_datareader: user can read all data
- db_datawriter: users have the right to add, delete or edit data in the table
- db_ddladmin: users can use dynamic files - link library (DLL)
- db_securityadmin: users can edit role roles and manage other management and authorization levels
- db_bckupoperator: users can back up the database
- db_denydatareader: user cannot view data in table
- db_denydatawriter: users cannot view, change or delete data in the table
With fixed roles, they are applied across the entire model of the system, with a number of common considerations as follows:
- SysAdmin : all users can perform operations on the server
- ServerAdmin: all users can set and customize options on the server
- SetupAdmin: all users can manage connected servers, SQL Server operations and options
- Security Admin: all users can manage components related to security and security
- ProcessAdmin: All users can turn off or pause any process that works on SQL Server
- DbCreator: all users can create, change, delete or restore databases
- DiskAdmin: all users can manage SQL Server files
- BulkAdmin: all users can perform many different insert commands
Next, we will use SQL Server Enterprise Manager to assign Windows groups and databases Pubs (database template comes with SQL Server 2000). The first step is to create a Group Guest login account, through which the user can access SQL Server:
- Start Enterprise Manager, open the security folder
- Right-click the Logins item, select New Login from the menu displayed, the New Login window will display as shown below. Note that in this case, Windows Authentication is already selected, and we will use Windows Authentication Mode , as opposed to SQL Server Mixed Mode (Mixed Mode includes Windows Security and SQL Server's available security model. , and Windows Authentication is always recommended to be used with SQL Server):
- Click the button next to the Name box to display the SQL Server Login Properties - New Login, select the corresponding Windows group (here, Guests ), click the Add button then click OK to close the SQL Server Login Properties window - New Login :
- On the General tab, select the Pubs database from the Database list, the default option is Master, but you should not assign access to this database, because it will directly interfere with the installation process of SQL. Server.
- Select to continue Database Access card to see information about database available on the system
To continue, we must choose the default database before SQL Server activates the database role. Select Pubs (as shown below), the Public role section will automatically be assigned. At this point, we can select and assign any roles, besides, the Guest group is already listed in the Column:
- Click OK to complete this process, Enterprise Manager will display the new login section in the right window, and so far all members of the Windows Guests group can login to SQL Server:
- Another way to assign the same role as above, in Enterprise Manager select Pubs , double-click Roles> db_accessadmin to display the Role Properties window :
- Click the Add button to display the list of users and groups, select Guest as shown below:
- Database Role Properties window will be displayed after adding Guest login section to db_accessadmin role :
- Click OK to complete this process.
At this point, we've finished the process of adding Windows Guest groups to SQL Server and Guest groups to the Pubs database and the db_accessadmin role. The Guest group members have inherited the entire permissions in the db_accessadmin role (listed above) inside the Pubs database.
Next, we will create a new database role. Specifically, the roles are predefined, for example db_accessadmin is not complete, but we can still create a new role. For example, we will create a new role called Purchasing :
- Go back to the Enterprise Manager dashboard , right-click anywhere in the right window, select New Database Role from the menu displayed. Enter the name Purchasing in the Name section, then click the Add button. Note that at this point the Permissions button is still in the disabled state.
- Click the Add button to assign the user or group account to the role section. In this case, the Guest group (shown above).
We just created a new role called Purchasing in the Pubs database
- Click OK to close this window.
After creating a new role - Purchasing for database Pubs , we have to create a user account that will be assigned to the role of Purchasing (via the Guest group). Also here, let's set up a few simple permissions for this Purchasing role:
- Re-open the Purchasing role you just created in the previous step in the Enterprise Manager window , and this time the Permissions button will work
- Click the Permissions button to open the Database Role Properties control panel . Here, you can set the corresponding decentralization level for each object here.
- For example, if you check the Delete column as shown in the authors line, all members of this role can delete the data records in Authors table.
- If you pay close attention, you can see that selecting the Authors table also activates the Columns function button. Click this Columns button to display the Column Permissions table . In this table, we can limit the number of hits in a given column.
Servers role servers so far, as a general rule, most administrators will not proceed to assign any user accounts to the fixed server role, as they are only used for administration. Database and Administrator account. But besides, we can still assign user accounts to the server role in two ways: using Enterprise Manager or Query Analyzer. For example, to assign a Guest account to the Server Creators server role via Enterprise Manager, you need to do the following:
- Expand the Security Folder section
- Double-click Server Roles> Database Creators
- If you want to select and assign group Windows to the role section, click the Add button to open the Add Members window
- Select the Windows Guest group then click OK to close this window, assign the group Guest to the Server Role Properties table :
Note that at this point both tabs of this table are viewable, open the General tab to assign the login to the role, or use the Permissions tab to select the corresponding SQL statement that this server role can actually execute. exam. Then, click OK to complete this process.
If you want to use Query Analyzer , type the command structure below, with the name parameter representing the user and role as one of the components listed above:
Exec sp_addserverrolemember name, role
For example, the following statement will allow us to assign the Martin Reid record to the SysAdmin role:
Exec sp_addserverrolemember 'Martin Reid', 'SysAdmin'
One of the most important components of SQL Server is the system stored procedure - capable of supporting users in managing various aspects of the server. The full list of system stored procedures can be found here. Good luck!