Data IntegrityData IntegrityLesson 12
Skills MatrixSkills Matrix
Maintaining Data IntegrityMaintaining Data Integrity• Maintaining data integrity is your most
important responsibility. – Performing backups of all data on a regular
schedule as your first layer of defense. – The time between the last backup and the
moment of disaster could involve some data loss.
– You must work with your management to find the acceptable loss rate, combined with the investment rate to avoid the anticipated loss, to maintain this goal.
Enforcing Organizational Security Enforcing Organizational Security PoliciesPolicies
• The most important phase of maintaining data integrity, and the effort demanding your greatest attention, is the “watchdog” phase.
• You must constantly run baselines to check for performance degradation and potential data losses.
• You must constantly encourage users to use safe practices.
Identifying RiskIdentifying Risk
1. Asset identification2. Risk assessment3. Threat identification4. Vulnerability assessment
Understanding Forensic RequirementsUnderstanding Forensic Requirements
• Evidence collection• Evidence preservation• Chain of custody• Jurisdiction
Implementing Physical Security Implementing Physical Security MeasuresMeasures
• Buildings and grounds• Devices• Communications• Storage media
Planning and EducationPlanning and Education
• Creating a Business Continuity Plan (BCP)
• Creating a disaster recovery plan (DRP)
• Educating Users
Backup, Backup, BackupBackup, Backup, Backup
• A backup and restoration process creates your first line of defense against data loss.
• A backup copies your data to a store somewhere other than on the mass storage devices supporting your database, usually on some type of tape media.– You can also store a backup on a hard
drive on another computer connected over a local area network (LAN).
Security PlanSecurity Plan• The first step in safeguarding any type of
system must be a good security plan:– Type of users– Fixed server roles– Database access– Type of access– Group permissions– Object creation– Auditing– Public role permissions– Guest access
SQL Server’s Security ArchitectureSQL Server’s Security Architecture• Starting with SQL Server 2005, Microsoft
introduced the concepts of working with principles, securables and permissions.– Principle: An entity (such as a login, user,
group, or role) that can be granted access to a securable resource.
– Securable: Entities that can be secured with permissions.
– Permissions: A rule associated with an object to regulate which users can gain access to the object and in what manner.
Maintaining Data IntegrityMaintaining Data Integrity
• Principals are entities that can request SQL Server resources.
• Principals are arranged in a hierarchy. • The scope of influence of a principal
depends on the scope of the definition of the principal: Windows, Server, Database, or whether the principal is indivisible or a collection
• Every principal has a security identifier (SID).
PrincipalsPrincipals
Qualified NameQualified Name
• Every object in a database has a unique four part fully qualified name in the form InstanceName.DatabaseName.SchemaName.ObjectName. – This implies a server level, database
level, schema level, and object level hierarchy.
Qualified NameQualified Name• The four part SQL Server security architecture
begins with the InstanceName. • SQL Server can be installed into multiple instances
on a single Windows operating system (OS) and hardware platform.
• The default SQL Server installation assumes the name of the OS platform and thus this four part naming convention has been traditionally expressed as
ServerName.DatabaseName.SchemaName.ObjectName
• Within each of these four scopes exist securables.
SecurablesSecurables
PermissionsPermissions
• Within each of these scopes exist permissions.
• Permissions complete the security architecture model.
• The permissions available for data manipulation language (DML) securables.
Permissions Applicable to DML Permissions Applicable to DML SecurablesSecurables
SummarySummary
• This lesson examined the forethought and planning that must be undertaken to maintain data integrity. – Don’t forget anything. Can a water pipe
rupturing flood your computer room? – Test your recovery plan for every
possible disaster. – Practice a database restore (to a
different spindle) to assure your procedures actually work.
SummarySummary
• SQL Server has a sophisticated security system that allows you to carefully implement your security plan.
Summary for Certification ExaminationSummary for Certification Examination
• Understand SQL Server’s security architecture. – Understand the concepts of
permissions, securables and principles.
SummarySummary
• You can partition views in the same way you can partition tables and for the same reasons: store parts of your views on different spindles or even different servers.