
Category: Security

Roll Your Own Row-Level Security for the Serverless SQL Pool

Randheer Parmar wants row-level security:

Row Level Security is a very key requirement for most database or data lake applications. Most databases have natively built row-level security, but Synapse serverless SQL pool doesn’t support this inbuilt functionality. In this article, we will see how to implement it.

Row-level security has always seemed to me to be a great idea but not one I can implement because its performance cost is always too high.


Apache Ranger on ElasticMapReduce

Laurence Geng looks at Ranger:

Whether you’ve successfully made it before or not, installing and integrating Windows AD/OpenLDAP + Ranger + EMR is a very hard job, it is complicated, error-prone, and time-consuming for the following reasons:

Read on for the list of reasons, some background on Ranger, and an automated installer intended to make life a bit easier.


Data Exfiltration Protection and Synapse Pipelines

Luke Moloney shuts it down:

Before we discuss how DEP applies to Synapse Pipelines, it is important to level-set on some Synapse Pipelines specific concepts – if you are familiar with Synapse Pipelines or Azure Data Factory you can skip over this section and jump to Synapse Pipeline connectivity without DEP enabled.

For a more generalized introduction to Synapse Pipelines check out this doc article.

Synapse Pipelines enables users to connect to a range of different data services, through what is called a Linked Service. 

The big trick, using self-hosted integration runtimes, is something Luke spends a fair amount of time on.


Encryption by Default

Matthew McGiffen lays down a stake:

You can see that a small majority of DBAs who follow Brent on Twitter and respond to polls use some form of at-rest encryption. I guess that means that in the larger population the majority aren’t encrypting their data at all.

There are a number of reasons why that might be the case, the only good one is that your database doesn’t hold any personally identifiable information (PII) or sensitive data which will certainly be true in some cases but not in most.

Read on for more of Matthew’s thoughts and do check out his new book. My copy’s supposed to arrive today.


Securing a Kafka Cluster

Dan Weston aims to secure an Apache Kafka cluster:

As part of our educational resources, Confluent Developer now offers a course designed to help you apply Confluent Cloud’s security features to meet the privacy and security needs of your organization. This blog post explores the need to implement security for your Apache Kafka® cluster, then briefly reviews the security features and advantages of using Confluent Cloud.

Click through for an overview. The course itself is free, as well.


NT AUTHORITY\ANONYMOUS LOGON Errors and How to Fix Them

Eitan Blumin reminds me of the bad old days:

Sometimes when trying to access a linked server, you’d get an error saying “Login failed for user NT AUTHORITY\ANONYMOUS LOGON”. This happens because you’re connected using Windows authentication, and SQL Server fails to “forward” your credentials to the linked server.

This issue is often called “double-hop pass-through authentication”, also known as “Kerberos delegation”, which I’ll try to illustrate with the following diagram:

Eitan provides a helpful step-by-step guide to understanding not just how to fix the problem but also what concepts like SPNs really do.


Backups and Restores when a NAS Requires a Password

Jana Sattainathan needs to give the daily password:

Sometimes, you have a share (like Azure Data Box via SMB as was the case for me) that you can access only with a UserName and Password. This is fine as long as you are accessing it interactively by typing it in, but how about accessing it from SQL Server for the purposes of backing up and restoring?

This is where “NET USE” command comes in handy becomes necessary

Read on to see how that can help you out.


Row-Level Security against Power BI Shared Datasets

Teo Lachev combines two capabilities in Power BI:

In a typical engagement, I create an organizational semantic model(s) and “report packs”, such as Sales Report Pack, Inventory Report Pack, etc. These report packs are typically implemented as Power BI reports connected to the semantic model as a shared dataset using the Power BI Datasets connector. Reports sanctioned by IT are published to a dedicated workspace, such as Corporate BI. Departmental reports are deployed to their respective workspace, such as Sales, to enforce content-level security. Usually, the semantic model has row-level security (RLS) roles defined to enforce restricted access to data depending on the identity of the interactive user.

Read on to see how you can test out the results once you get it working.


OpenSSL Patch incoming

Steven Vaughan-Nichols has bad news for us:

So we should all be concerned that Mark Cox, a Red Hat Distinguished Software Engineer and the Apache Software Foundation (ASF)’s VP of Security, this week tweeted, “OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC.”

How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. 

There isn’t enough detail yet to know exactly what the issue is. It’s forthcoming, however, so time to get those patch windows ready.


Managing R Secrets with .env Files

Thomas Williams has a secret:

You should never embed passwords or other “secrets” – sensitive data – in code. A better way is to put sensitive data into configuration, and load configuration from your code. Read on to find out how to do this in R Markdown (and Shiny).

Click through for one way to do this. Just make sure your .gitignore excludes .env files.
