Chapter 3 • Configuring SQL Server 2008

Self Test Quick Answer Key

1. D
2. A
3. C
4. A and C
5. D
6. B
7. D
8. A
9. C
10. A and C
11. B and C
12. B
13. A
14. C
15. B
16. C
17. A
18. B
19. C
20. A

Chapter 4
MCTS SQL Server 2008 Exam 432

Managing Security

Exam objectives in this chapter:
- Principals
- Roles
- The “Principle of Least Privilege”
- Users
- Schemas
- Permissions
- Auditing
- The SQL Server Configuration Manager
- Security and SQL Agent

Exam objectives review:
- Summary of Exam Objectives
- Exam Objectives Fast Track
- Exam Objectives Frequently Asked Questions
- Self Test
- Self Test Quick Answer Key

Introduction

Security is an often overlooked factor when designing an application. In this chapter, all aspects of security will be discussed. Logins and Users will be covered, as well as SQL Server 2008’s built-in roles. Some new features are available for policy management. This chapter will also review user roles and schemas, as well as the pros and cons of granting access to objects. The tradeoff between more granular security and less granular security will be discussed. SQL Authentication will be covered in great detail, along with the pros and cons of each method. The SQL Server Surface Area Configuration tool will be covered, as well as the provisioning of the accounts used for SQL Server Services.

Principals

As we begin to look at SQL Server 2008 security management, a good place to start is to define what SQL Server considers a principal. Principals are entities that can request SQL Server resources, and a principal's scope of influence depends on the scope at which it is defined. Windows-level principals have a Windows permission scope, SQL Server-level principals have server-level permissions, and database-level principals have database-level permissions. A security identifier (SID) is assigned to every principal.
The following shows the hierarchy of SQL Server 2008 principals and how logins and database users can be mapped to security objects. Fixed server and database roles are not shown here but are discussed in the next section.

Test Day Tip
Make sure that you are familiar with this hierarchy and how the principals can be mapped.

Windows-level principals
- Windows domain login
- Windows local login
- Windows group

SQL Server-level principals
- SQL Server login
- SQL Server login mapped to a Windows login
- SQL Server login mapped to a certificate
- SQL Server login mapped to an asymmetric key

Database-level principals
- Database user
- Database user mapped to SQL Server login
- Database user mapped to a Windows login
- Database user mapped to a certificate
- Database user mapped to an asymmetric key
- Database role
- Application role
- Public role

The hierarchy of securable objects in SQL Server 2008 is as follows:

Server
- Database
- Endpoint
- Remote Binding
- Route
- SQL Server Login

Database
- Application Role
- Assembly
- Asymmetric Key
- Certificate
- Database User
- Fixed Database Role
- Full-Text Catalog
- Message Type
- Service
- Service Contract
- Symmetric Key
- Schema

Schema
- Default
- Function
- Procedure
- Query Stats
- Queue
- Rule
- Synonym
- Table
- Trigger
- Type
- View
- XML Schema Collection

Exam Warning
Make sure that you are familiar with the principals listed above regarding their scope and how they fit into the SQL Server 2008 hierarchy.

Roles

Like Windows groups, SQL Server provides two kinds of roles, server-level and database-level, into which logins and users can be added. Server-level roles are fixed roles that have a serverwide permission scope. Each built-in role serves a specific purpose.
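
The principal hierarchy above can be seen in the catalog views. The following T-SQL is an added example, not code from the book: it creates one principal at several of the listed levels, shows how database users map to logins through their SIDs, and lists SQL users whose SID matches no login. All object names and passwords are constructed placeholders, and the script assumes a test instance and a sysadmin connection.

```sql
-- Added example (not from the book). Names and passwords are constructed
-- placeholders; syntax is limited to what SQL Server 2008 supports.
USE master;
GO
-- Server-level principal: a SQL Server login.
CREATE LOGIN DemoSqlLogin
    WITH PASSWORD = 'Pl@ceholder-Passw0rd!', CHECK_POLICY = ON;
GO
CREATE DATABASE PrincipalDemo;
GO
USE PrincipalDemo;
GO
-- Database-level principals from the hierarchy.
CREATE USER DemoSqlUser FOR LOGIN DemoSqlLogin;     -- user mapped to a SQL Server login
CREATE CERTIFICATE DemoCert
    ENCRYPTION BY PASSWORD = 'Pl@ceholder-CertPassw0rd!'
    WITH SUBJECT = 'Principal mapping demo';
CREATE USER DemoCertUser FOR CERTIFICATE DemoCert;  -- user mapped to a certificate
CREATE ROLE DemoReaders;                            -- database role
CREATE APPLICATION ROLE DemoAppRole
    WITH PASSWORD = 'Pl@ceholder-AppPassw0rd!';     -- application role
EXEC sp_addrolemember 'DemoReaders', 'DemoSqlUser';
GO
-- The catalog views expose each principal's SID; a database user maps to
-- its login when the two SIDs match.
SELECT dp.name AS database_principal, dp.type_desc, dp.sid,
       sp.name AS mapped_login
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.name LIKE 'Demo%' OR dp.name = 'public'
ORDER BY dp.type_desc, dp.name;
GO
-- Review check: SQL users whose SID matches no server login (orphaned
-- mappings). Users created WITHOUT LOGIN also appear here by design.
SELECT dp.name AS unmapped_user, dp.sid
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type = 'S' AND sp.sid IS NULL
  AND dp.name NOT IN ('dbo', 'guest', 'sys', 'INFORMATION_SCHEMA');
GO
-- Clean up the constructed objects.
USE master;
DROP DATABASE PrincipalDemo;
DROP LOGIN DemoSqlLogin;
GO
```

In the first result set, only DemoSqlUser shows a value in mapped_login; the certificate-mapped user, the roles, and public have SIDs but no matching server login.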