A Brief Discussion of MSSQL Server 2000 Security and Management
Tuesday, March 03, 2009 by rain
So what is security management, after all? In short, security management means managing the users who need to log in to a server. In an application, we set users' operation permissions on the various kinds of data in a database. Normally the application manages accounts and passwords itself, but that approach requires writing code to enforce the controls. SQL Server, by contrast, has a friendly, easy-to-use graphical interface that makes it convenient to manage users' access permissions to SQL Server.
SQL Server security management can be divided into 3 management levels: login accounts, the permission to connect to specific databases, and the user's operation permissions on parts of a connected database. Below, we define each of these 3 management levels.
One, login accounts
Anyone who needs to access SQL Server needs an account and password that the server recognizes. SQL Server supports 2 login modes: one is Windows authentication, the other is SQL Server authentication. With the former, you only need to create a login in SQL Server that corresponds to the Windows NT/2000 account. The account the user logs in to Windows NT/2000 with is then mapped to the account in SQL Server, and the user can connect to SQL Server without a second logon. In this way, we integrate with the security management mechanism of Windows NT/2000.
Next, once the database administrator has set up accounts on Windows NT, a Windows NT group can be added directly in SQL Server, so that the group becomes a login.
After the operations above, every member of the Windows NT group can connect to SQL Server. If a particular member of the group should not be allowed to log in to SQL Server, that member's individual account can be set to deny access in SQL Server. If SQL Server is installed on Windows 95, Windows 98 or Windows Me, Windows authentication cannot be used.
With SQL Server authentication, anyone who wants to connect to SQL Server must use an account name and password created in SQL Server. These accounts and passwords have nothing to do with Windows NT/2000 accounts.
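The login operations described in this section, written as T-SQL for Query Analyzer. This is an added example, not part of the original article; the domain `CORP`, the group `SalesStaff`, the user `jdoe`, the login `report_app` and the database `Sales` are constructed names and are assumed to exist in your environment.

```sql
-- Constructed names: CORP\SalesStaff (Windows group), CORP\jdoe (one member
-- of that group), report_app (SQL Server login), Sales (existing database).

-- Windows authentication: one login for a whole Windows NT/2000 group.
EXEC sp_grantlogin 'CORP\SalesStaff'

-- Deny a single member, even though the group as a whole is allowed in.
EXEC sp_denylogin 'CORP\jdoe'

-- SQL Server authentication: account and password live inside SQL Server
-- and are unrelated to any Windows account. Replace the placeholder.
EXEC sp_addlogin @loginame = 'report_app',
                 @passwd   = '<strong-password-placeholder>',
                 @defdb    = 'Sales'
GO

-- Review the result: which logins are Windows accounts or groups, and
-- which are denied (denylogin = 1) or allowed (hasaccess = 1).
SELECT loginname, isntname, isntgroup, denylogin, hasaccess
FROM   master.dbo.syslogins
ORDER  BY loginname
```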
Two, the permission to connect to specific databases
Once a login has been created, the user can get into SQL Server, but that does not mean the user has permission to connect to a specific database. Operation permissions on SQL Server must still be set for the user or group. Operation permissions in SQL Server can be divided into operation permissions on the server itself and access permissions on databases. Operation permissions on SQL Server are set through server roles; access permissions on a database are set through database roles and through the user's access permissions on individual tables. So what is the difference between a server role and a database role?
1. Server roles
SQL Server has 8 built-in server roles (you can think of a role as a group of Windows NT accounts). They cannot be changed, and new ones cannot be added. Once a server role has been assigned to a user or group, that user or group holds the permissions of the server role. Server roles classify the individual administrative jobs of SQL Server, such as creating accounts and backing up databases. They differ from database roles, which are operation permissions on an individual database.
Here is a brief list of the permissions held by the 8 server roles. System Administrators are system administrators and can perform any action. Security Administrators manage logins. Server Administrators set the configuration parameters of SQL Server. Setup Administrators manage Replication settings and extended stored procedures. Process Administrators manage all processes executing in SQL Server. Disk Administrators manage database files. Database Administrators create databases and change database properties. Bulk Insert Administrators can execute Bulk Insert operations.
2. Database roles
SQL Server has 10 built-in database roles. They cannot be changed or deleted, but roles can be added to an individual database. If a user is given the database owner permission among the built-in roles, the user has every operation right on that database. For the detailed permissions of the remaining roles, consult BOL (SQL Server Books Online): search for the keyword Roles and open the topic titled Roles, which contains a complete description of the built-in server roles and database roles, so they are not repeated here. One point needs attention: after a user has been assigned several roles (each user or group can hold multiple roles), the user holds the union of the permissions of all those roles. But if any one of those roles has a deny set on some operation (for example, Select on a particular table), the user loses that permission. In other words, a deny takes precedence over a grant.
Three, access permissions on objects in the database
For managing SQL Server and the permission to connect to specific databases, the server roles and database roles that SQL Server provides basically meet most of our needs. In addition, access permissions on objects in a database can be set individually and directly for a user or group. These individual access permissions are Select, Insert, Update, Delete, Exec and DRI, where Exec is the permission to execute a stored procedure and DRI is the permission to validate against a table. Direct permissions can also be set for particular users (for example, when the built-in database roles do not meet the need). Of course, if many users share the same pattern of permissions, you can add a database role that fits the need, or first put those users into a group on Windows NT/2000 and then set permissions for that group. Doing so makes management and maintenance more convenient.
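The second and third management levels, including the rule that a deny takes precedence over a grant, as T-SQL. This is an added example, not part of the original article; the database `Sales` (assumed to exist), the Windows group `CORP\SalesStaff`, the tables, the procedure and the role `no_salary_data` are constructed names.

```sql
-- Constructed names: database Sales (assumed to exist), Windows group
-- CORP\SalesStaff, tables dbo.Orders and dbo.Salaries, role no_salary_data.
USE Sales
GO
CREATE TABLE dbo.Orders   (order_id int PRIMARY KEY, status varchar(10) NOT NULL)
CREATE TABLE dbo.Salaries (emp_id   int PRIMARY KEY, salary money NOT NULL)
GO
CREATE PROCEDURE dbo.usp_close_order @order_id int
AS
UPDATE dbo.Orders SET status = 'closed' WHERE order_id = @order_id
GO

-- Level 1 to level 2: create the login, then map it to a user in this database.
EXEC sp_grantlogin 'CORP\SalesStaff'
EXEC sp_grantdbaccess 'CORP\SalesStaff', 'SalesStaff'

-- Built-in database role: SELECT on every user table in Sales.
EXEC sp_addrolemember 'db_datareader', 'SalesStaff'

-- Added role whose only job is to carry a deny.
EXEC sp_addrole 'no_salary_data'
EXEC sp_addrolemember 'no_salary_data', 'SalesStaff'
DENY SELECT ON dbo.Salaries TO no_salary_data

-- Effective result for members of CORP\SalesStaff:
--   SELECT on dbo.Orders   : allowed (granted through db_datareader)
--   SELECT on dbo.Salaries : refused (the deny overrides the grant)

-- Level 3: permissions granted directly on individual objects.
GRANT INSERT, UPDATE ON dbo.Orders TO SalesStaff
GRANT EXECUTE ON dbo.usp_close_order TO SalesStaff   -- "Exec"
GRANT REFERENCES ON dbo.Orders TO SalesStaff         -- "DRI"
GO

-- Review what was granted and denied, per user and per object.
EXEC sp_helprotect NULL, 'SalesStaff'
EXEC sp_helprotect 'Salaries'
```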
Beyond the content above, the author has summed up the following suggestions for database security from practical operation.
1. Unless there is a need to do otherwise, use Windows authentication as far as possible to manage the users who can connect to SQL Server, so as to integrate with the security mechanism of Windows NT/2000.
2. Make good use of SQL Server's server role and database role features.
3. Make good use of SQL Server's encryption features.
SQL Server provides encryption for login accounts, network transmission, views and stored procedures. Account passwords are encrypted by default. Data transmitted across the network can be encrypted with SSL. To turn this on, you must enable the encryption feature of the Net-Library and also use the CA feature of Windows 2000, completing the settings on both the server and the client, so that both sides apply SSL encryption before any data is transmitted. Because the definitions of views and stored procedures are kept in the system tables in plaintext, if you want to encrypt a view or stored procedure, set the encryption option when creating it in Enterprise Manager, or set encryption with an Alter statement.
4. After installation is finished, be sure to change the preset sa password, so that other users cannot "forcibly" manage your SQL Server.
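Suggestions 3 and 4 as T-SQL: encrypting the stored definition of a view and a stored procedure, then changing the sa password and checking for logins with no password. This is an added example, not part of the original article; the database `Sales` (assumed to exist) and the objects `dbo.Invoices`, `dbo.v_unpaid_invoices` and `dbo.usp_mark_paid` are constructed names.

```sql
-- Constructed objects: database Sales (assumed to exist), table dbo.Invoices,
-- view dbo.v_unpaid_invoices, procedure dbo.usp_mark_paid.
USE Sales
GO
CREATE TABLE dbo.Invoices (invoice_id int PRIMARY KEY, paid bit NOT NULL)
GO
-- A view whose definition is encrypted from the moment it is created.
CREATE VIEW dbo.v_unpaid_invoices
WITH ENCRYPTION
AS
SELECT invoice_id FROM dbo.Invoices WHERE paid = 0
GO
-- A procedure first created with its definition in plaintext ...
CREATE PROCEDURE dbo.usp_mark_paid @invoice_id int
AS
UPDATE dbo.Invoices SET paid = 1 WHERE invoice_id = @invoice_id
GO
-- ... then switched to encrypted with ALTER. The whole body must be restated,
-- so keep the source script somewhere outside the server.
ALTER PROCEDURE dbo.usp_mark_paid @invoice_id int
WITH ENCRYPTION
AS
UPDATE dbo.Invoices SET paid = 1 WHERE invoice_id = @invoice_id
GO
-- Check: encrypted = 1 means the stored text is no longer plaintext.
SELECT o.name, c.encrypted
FROM   sysobjects o
JOIN   syscomments c ON c.id = o.id
WHERE  o.name IN ('v_unpaid_invoices', 'usp_mark_paid')
GO

-- Suggestion 4: change the preset sa password (run as a system administrator;
-- replace the placeholder with a real password).
EXEC sp_password @old = NULL,
                 @new = '<new-sa-password-placeholder>',
                 @loginame = 'sa'
GO
-- Audit: SQL Server authentication logins that still have no password.
SELECT name
FROM   master.dbo.syslogins
WHERE  isntname = 0 AND password IS NULL
```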