Press "Enter" to skip to content

Curated SQL Posts

Get-SqlSafe: A Baseline Assessment for SQL Server Security

Published 2026-05-20 by Kevin Feasel

Andreas Wolter has a new tool:

In my experience with SQL Server security assessments, many environments show typical patterns: excessive permissions, weak or missing auditing, legacy authentication exposure, risky configuration choices, and ownership or access-control drift accumulated over years.

Get-SqlSafe Community Edition was released to give teams and also consultants a practical first look at those high-level indicators. It is a free PowerShell-based assessment tool for Microsoft SQL Server, supporting all versions from SQL Server 2016-2025 that helps surface baseline issues before they turn into deeper security problems.

Click through for the link where to grab Get-SqlSafe Community Edition, as well as more information on how it works.

Leave a Comment

Solving Cross-Database References in Database Projects

Published 2026-05-20 by Kevin Feasel

Andy Brownsword creates a reference:

Large data solutions can span multiple databases. I’ve recently shared how amazing Database Projects can be but objects which reference across database boundaries can throw up warnings. Is the code solid or have you picked the wrong table and column combination? – you won’t know, and the code is fragile.

This is where References come into play. They make our projects aware of other databases so objects can reference them without unnecessary warnings. Plus intellisense is a nice bonus.

There are a few ways to handle these dependencies depending on how your projects are organised and what tooling you’re using, so let’s jump into the problem and check out the different options.

This was, without a doubt, one of the most painful things around working with database projects in Visual Studio. Not only do you need to keep up with your own database, but also the databases you reference. In addition, if the databases you reference happen to reference your database, you’ll end up with circular dependencies that will fail. The “best” solution was to create a stripped-down version of one of the databases that doesn’t include references, and then use that to jump-start the second database, and then use that to create the full version of the original database. So now you’re maintaining three separate database projects (at a minimum—this assumes you have one pair of databases with cross-referenced dependencies). Heaven help you if you have a cross-referencing love triangle.

Leave a Comment

StatisticsParser Extension to SQL Server Management Studio

Published 2026-05-20 by Kevin Feasel

Brent Ozar announces a new extension:

If you do a lot of query tuning, you’ve probably come across Richie Rump’s StatisticsParser.com. Now, it’s even easier to use.

Now, it’s even easier to use. Download & install it, then run your query with SET STATISTICS IO, TIME ON, and after it finishes, right-click in the query window and click Parse Statistics:

Read on for more information on the extension, as well as the state of extensions in SSMS. Erik Ejlskov Jensen has also picked up the gauntlet and built an SSMS extension gallery.

I will say that the Visual Studio Code world is in significantly better shape in this regard, though the SQL Server tooling is in significantly worse shape there. Life is full of trade-offs, after all.

Leave a Comment

Naming Conventions for Power BI Semantic Models

Published 2026-05-20 by Kevin Feasel

Ruben Van de Voorde gets organized:

Naming conventions for your semantic model should be a high priority for any developer. It’s incredibly important not just to ensure your model is organized and professional for developers and users, but also when using AI agents to query or manage it. Without clear naming conventions, people and agents waste time and are more likely to make mistakes.

Click through for a sensible scheme. In the meantime, I’ll provide the joke I normally use around naming. I love naming conventions. In fact, I love them so much, I have five of them and switch interchangeable between them as I develop.

Leave a Comment

User-Aware Calculated Columns in Power BI

Published 2026-05-20 by Kevin Feasel

Marco Russo and Alberto Ferrari show off something new:

A calculated column is computed when the table is refreshed and stored in the model (in Import mode), just like any other column, so its value does not depend on the user who is connected. The introduction of user-aware calculated columns in Power BI changes this picture because we can define a calculated column that is evaluated at query time and depends on the user running the query. This behavior can be obtained by setting the Expression Context property of a calculated column to User Context.

Click through to see the benefit of this new functionality.

Leave a Comment

Probabilistic Time Series Cross-Validation in R

Published 2026-05-19 by Kevin Feasel

Thierry Moudiki checks an interval:

A previous post introduced the crossvalidation package for R. This time, the focus is on probabilistic forecasting — evaluating not just how accurate point forecasts are, but how well-calibrated prediction intervals are, using empirical coverage rates and Winkler scores – and crossvalidation.

Click through for the code and not much additional commentary. H/T R-Bloggers.

Leave a Comment

Cross-Database Access after Tampering with Indexed View Metadata

Published 2026-05-19 by Kevin Feasel

Fabiano Amorim describes a security concern:

This article describes a restore-boundary weakness involving indexed views. An attacker prepares a database backup on an attacker-controlled instance, tampers with the persisted definition of an indexed view, and delivers that database through an otherwise ordinary backup-and-restore workflow.

After the restore, SQL Server evaluates the preserved metadata during indexed-view optimizer-driven execution. Data from databases the attacker cannot directly query may still be pulled into the attacker’s own restored database through trusted internal processing paths. This is a clear cross-database confidentiality problem.

It’s an interesting post. The scope of damage is somewhat limited considering that the attacker would need legitimate permissions to the instance, but something to keep in mind nonetheless.

Leave a Comment

Fuzzy Matching in SQL Server 2025

Published 2026-05-19 by Kevin Feasel

John Deardurff takes a look at a new capability in SQL Server 2025:

Data rarely arrives in perfect condition. Typos, regional spelling differences, and inconsistent formats make exact matching unreliable in real-world scenarios. That’s where fuzzy matching comes in; and SQL Server 2025 introduces powerful built-in functions to handle it directly in T-SQL.

None of the functions are particularly novel, but it is nice to have them directly available in SQL Server, especially because Integration Services (where some of this functionality lived) has been on life support for a decade.

Leave a Comment

ForEach Loops in Powershell

Published 2026-05-19 by Kevin Feasel

Garry Bargsley continues a series on Powershell capabilities:

Welcome back to PowerShell Strikes Back. We’re three weeks in, and the training is paying off. In Week 1, we learned that quotes are not interchangeable. In Week 2, we put variables to work – storing server names, config values, service objects, and boolean results. If you’ve been following along and running the examples in your own environment, you’re already writing better PowerShell than you were a month ago.

This week, we tackle the concept that transforms a script from a one-time operation into an actual tool: the ForEach loop.

Garry also ties in error handling, which is important during loop iteration.

Leave a Comment

Performing ELT with Python and DuckDB

Published 2026-05-19 by Kevin Feasel

Jamal Hansen shows off a capable in-memory analytic database:

This is a real-world example of a common data engineering pattern. You may have heard of ETL (Extract, Transform, Load), where data is transformed before it reaches its destination. What we are actually building today is the more modern variant, ELT: Extract, Load, Transform.

Read on for the process. I like DuckDB a lot and this is one of the types of use cases in which it excels.

Leave a Comment