04/11/2012
by Marlon Ribunal
Comments Off on How To Limit User Access To Your Database

How To Limit User Access To Your Database

There are situations where you need to grant SELECT permission to a particular user and limit that access to a particular OBJECT, say a TABLE.

Here’s a quick way of accomplishing this. In this example, we’re using the AdventureWorks2008R2 database.

I have already created the LOGIN in advance (“TestUser01“). Let’s map that to a USER Object:

CREATE USER [TestUser01] FOR LOGIN [TestUser01]
GO

The next step is to set the permission on the particular table we want the user to access:

Grant SELECT To User For A Particular Table

You can further restrict access at the Column Level by setting the Column Permission as needed. Using the HAS_PERMS_BY_NAME  function in SQL Server, let’s check if we’ve granted user TestUser01 the SELECT permission he needed for the Employee table:

SELECT HAS_PERMS_BY_NAME
('AdventureWorks2008R2.HumanResources.Employee', 'OBJECT', 'SELECT')
AS SELECT_PERM,
name
AS TABLE_NAME,
type_desc, schema_id
FROM sys.tables

The HAS_PERMS_BY_NAME  function returns true (1) or false (0) to indicate whether permission has been granted or not.

HAS_PERMS_BY_NAME Function returning TRUE

The good thing about HAS_PERMS_BY_NAME is that, it is accessible to the Public role – meaning Users with minimal access level can run a query containing the function. Or if you are an Admin and you want to test a newly altered user you can impersonate that user:

 

EXECUTE AS USER = 'TestUser01'
GO


SELECT HAS_PERMS_BY_NAME
('AdventureWorks2008R2.HumanResources.Employee', 'OBJECT', 'SELECT')
AS SELECT_PERM,
name AS TABLE_NAME,
type_desc, schema_id
FROM sys.tables
GO


REVERT
GO

 

That should give us the same result shown above. This is how it looks like when TestUser01 logs in to the AdventureWorks2008R2 database:

Limiting User Access to a SQL Server 2008 R2 database

04/04/2012
by Marlon Ribunal
Comments Off on The evolving role of the database professional

The evolving role of the database professional

The role of the database professional is quickly evolving to conform with the ever changing demands of the business world. The new game of the data pro is adaptation.

SQL Server 2012 is responding to Data Explosion and the Cloud

The demarcation between the roles of database administrator and database developer has disappeared. You cannot succeed in one path without succeeding in another. Those two roles – administrator and developer – have been rolled into one just like the two different sides in a coin.

The SQL Server 2012 Certification has responded to this call. If the Professional-level Certifications currently posted on the Microsoft site become final, there will only be two distinct Certifications SQL Server 2012 (and maybe onward) – Data Platform and Business Intelligence, each consists of 5 required exams.

If we take a close look, these two certifications are not really distinct. They share common exams:

  • Exam 70-461: Querying Microsoft SQL Server 2012
  • Exam 70-462: Administering Microsoft SQL Server 2012 Databases
  • Exam 70-463: Implementing a Data Warehouse with Microsoft SQL Server 2012

The Data Platform Certification has the following distinct required exams:

  • Exam 70-464: Developing Microsoft SQL Server 2012 Databases
  • Exam 70-465: Designing Database Solutions for Microsoft SQL Server 2012

While the Business Intelligence Certification has:

  • Exam 70-466: Implementing Data Models and Reports with Microsoft SQL Server 2012
  • Exam 70-467: Designing Business Intelligence Solutions with Microsoft SQL Server 2012

These two certifications are quite different in scope but indistinguishable in function. We can see a reduced separation that used to set apart the Database Pro from the BI Pro. People expect you to know both Administration and BI just because you know SQL Server.

There are discernible implications from these changes:

1. Know the Cloud as a platform

According to Microsoft, the two SQL Server 2012 Certifications are designed to “prove your knowledge and skills in designing, building, and maintaining the next wave of cloud-ready database and information solutions.” The Cloud as a business solution is gaining traction in the business world. It is now becoming a necessity and not simply a storage preference.

2. Know Facts and Dimensions

Businesses are not just looking at data anymore as source for information critical to their day-to-day business operation. With the help of advance database technologies, business people can now easily slice and dice their metadata to produce even more valuable data to boost their fiscal advantages in their market.

3. Know that all Platform Will all Soon Pass

The business of business is the driver of your career. Specialization of one platform or feature is a bane for your career. Generalization is not good either. Remember, demands of business will determine what, when, how and where your career will evolve.

4. Know Adaptation

Continuous learning is imperative. It’s hard to predict what’s down the road five or ten years from now. But if we have the correct knowledge, it’s not hard to read the indicators of what the future will be like.

To sum up, the database as a platform is quickly changing to conform with the demands of business. If you know how to adapt, you’ll have a great chance at succeeding in your career as a Data Pro.

Photo courtesy of flickr user BigSee

03/29/2012
by Marlon Ribunal
1 Comment

Save yourself from despair with full database documentation

Your ability to document thoroughly will determine  your efficiency and productivity when it comes to managing your SQL Server databases. Aside from the question of productivity, there’s always the concern of having to come across with problems relating to the unfamiliarity of vendor databases (this is particularly true with third-party applications).

Commercial products usually come with proper documentation. But it is sad to note that not many of them would provide customers with enough details appropriate to their needs.

Sure, you can build your own procedures and write all the necessary commands to extract metadata from your databases but that will probably take a lot of effort and patience.

Take a look at this sample query:

SELECT u.name + '.' + t.name AS [table] ,
td.value AS [table_desc] ,
c.name AS [column] ,
cd.value AS [column_desc]
FROM sysobjects t
INNER JOIN sysusers u ON u.uid = t.uid
LEFT OUTER JOIN sys.extended_properties td ON td.major_id = t.id
AND td.minor_id = 0
AND td.name = 'MS_Description'
INNER JOIN syscolumns c ON c.id = t.id
LEFT OUTER JOIN sys.extended_properties cd ON cd.major_id = c.id
AND cd.minor_id = c.colid
AND cd.name = 'MS_Description'
WHERE t.type = 'u'
ORDER BY t.name ,
c.colorder

You can join multiple system views to come up with your desired output. I’m sure there are other views you can find inside SQL Server that will show you what you want to see. The query above will give you something like this:

Querying SQL Server Database Metadata

From the sample data above, you notice that there are no data in the description attributes for the tables and columns. This is typical to commercial vendor applications. Thorough documentation is a necessity we cannot afford to take for granted. And, yet, most people consider documentation as the least important thing in their project.

After you brewed your t-sql scripts, there are additional things you must do to come up with a usable documentation.

SQL Doc

Now here comes SQL Doc from Red Gate. It is a tool that automatically generates documentation based on your database schema. Compared to the process I described above, SQL Doc generates a thorough documentation of your databases faster than you ever could. See all those NULL on the table_desc and column_desc columns? You can fill them up with intuitive data at runtime and SQL Doc will write them back to the extended properties of your database objects.

Add Data To Your Extended Properties Directly From SQL Doc

Benefits of SQL Doc

Red Gate identifies the SQL Doc feautures as the following:

  • Save time by automatically generating documentation
  • Eliminate tedious and time-consuming manual documentation tasks
  • Satisfy audit requirements by keeping complete documentation
  • Document a database in a couple of clicks, from within SSMS
  • Keep teams up to date by distributing documentation

You definitely save time, effort, and resources by using SQL Doc to generate your documentation. Instead of getting consumed in an endless loop of coding, tweaking, and compiling your documentation, you can focus more on other stuff that truly matters without compromising your metadata.

Documentation Format Options

You can generate three types of document format with SQL Doc; namely, Word document (.doc), Web page (.html), and Help file (.chm). I’d prefer HTML mostly for its convenience. Or, if you are developing a stand-alone application, you’d want it in a help file that is integrated into the app as an additional feature.

Sample SQL Doc HTML Documentation