Category: Security

Kenneth Fisher creates a diet version of db_ddladmin:

What if I want the user to be able to create VIEWS, TABLES, FUNCTIONS, etc. Basically, I want a db_ddladmin Jr. Something I can give to a developer that is focused on a single schema. Say the reporting schema.

The best practice is, of course, to use a role. 

Click through for Kenneth’s script for a db_ddlcreator role.

Tom Collins distrusts (certificate) authority:

I’m getting this error when connecting Microsoft OLE DB Driver 19 for SQL Server  &  Microsoft ODBC Driver 18.x for SQL Server.

The certificate chain was issued by an authority that is not trusted

What is the fix for this error ?

Click through for some possible solutions.

Nikita Takru announces a new public preview:

We are thrilled to announce the Public Preview of Transparent Data Encryption (TDE) and Service-Managed Credential Rotation for Arc-enabled SQL Managed Instance. With a strong focus on data security and management, this release introduces cutting-edge features that ensure your sensitive information is protected.  

Click through for more details, particularly on automating credential rotation.

Muhammad Ali creates a role:

PostgreSQL is a robust open-source relational database management system that provides a wide range of capabilities to guarantee safe and effective data administration. One such privilege is the CREATEROLE privilege, which is vital to PostgreSQL database management of users and roles. We will examine the nuances of the CREATEROLE privilege, its use, and how it affects user administration in this blog post. So let’s investigate this privilege and comprehend PostgreSQL’s use of it.

Click through to see how this privilege works and what has changed in different versions of Postgres.

Kenneth Fisher needs more factory workers:

When you create a user (a database principal) you have several options on what the user is associated with (usually a login/server principal), or it might not be associated with anything at all (created without a login). And a common problem is when that object you’ve associated your user with is no longer available and you’ve got an orphan.

Click through to see how Kenneth finds them all and has them working in his wallet-making factories. Kenneth is an inspiration to us all.

Kenneth Fisher is trying to figure out where he left his keys:

I was having a conversation with some friends the other day and Jen McCown (blog|twitter) asked about SQL Server security references and “What’s something that’s really difficult in SQL Server Security.” As happens sometimes I started thinking about this in the back of my head and I realized something. The two absolute hardest things that people run into with security (at least in my ever so humble opinion) are

• Who: or Who am I when I try to access a resource?
• Where: or Where am I when I try to access a resource? And Where is that resource?

Read on for Kenneth’s thoughts.