Security considerations in SQL Azure

Before we dig deeper into SQL Azure Security, here are some basic concepts:

Principal: This is an entity that can request SQL Azure resources. Principals can include sql logins (access to SQL Azure server) and database users (access to SQL Azure database)

Role; A role in SQL Azure is analogous to a group in Windows. So if the Accounting dept has database users with the same level of permissions, it is better to create a role and assign perms to it

Schema: Container of database object like tables in SQL Azure

Securables: Actual resources in SQL Azure that can be access. An example of this is a table or even a database.

Steps for Security in SQL Azure

  1. Create a login, has to be done in master database
  2. Create a database user for the previous login
  3. Assign the user to a role (optional but highly recommended)
  4. Assign permissions to the user

Here is a sample video tutorial that covers SQL-Azure-Security-Youtube (Use Right click – Save As)

I am including the Transact SQL scripts for creating and managing the security in SQL Azure database

–create sql login

/****** Object: Login [hr_owner] Script Date: 4/26/2012 9:41:57 PM ******/
CREATE LOGIN [hr_owner] WITH PASSWORD=N’Ÿi‹Býÿƒ]@ÖÄ­’
GO

–create database user

/****** Object: User [hr_owner2] Script Date: 4/26/2012 9:53:28 PM ******/
CREATE USER [hr_owner2] FOR LOGIN [hr_owner2] WITH DEFAULT_SCHEMA=[dbo]
GO

–create database role

/****** Object: DatabaseRole [hr_role2] Script Date: 4/26/2012 9:59:43 PM ******/
CREATE ROLE [hr_role2]
GO

–add user hr_owner2 to database role hr_role2

sp_addrolemember ‘hr_role2′, hr_owner2

–How to lookup members (users) in a database role

select p.name as role_name, m.name as user_name
from sys.database_role_members drm
join sys.database_principals p
on drm.role_principal_id=p.principal_id
join sys.database_principals m
on drm.member_principal_id=m.principal_id

This entry was posted in How to Video, Security, SQL Azure tutorials, TSQL and tagged , . Bookmark the permalink.

Comments are closed.