Security System of the Database Engine

The DENY statement prevents users from performing actions. This means that the statement removes existing permissions from user accounts or prevents users from gaining permissions through their group/role membership that might be granted in the future. This statement has the following syntax: DENY {ALL [PRIVILEGES] } | permission_list [ON [class::] securable] TO principal_list [CASCADE] [… [Continue Reading]

Database users can perform activities that are granted to them. In this case, there is a corresponding entry in the sys.database_permissions catalog view (that is, the value of the state column is set to G for grant). A negative entry in the table prevents a user from performing activities. The entry D (deny) in the… [Continue Reading]

As you already know from Chapter “Data Definition Language“, contained databases have no configuration dependencies on the server instance where they are created and can therefore be easily moved from one instance of the Database Engine to another one. In this section you will learn how to authenticate users for contained databases. Each user that… [Continue Reading]

Change tracking refers to documenting all insert, update, and delete activities that are applied to tables of the database. These changes can then be viewed to find out who accessed the data and when they accessed it. There are two ways to do it: Using triggers Using change data capture (CDC) You can use triggers… [Continue Reading]

As already stated in Chapter “Views“, views can be used for the following purposes: To restrict the use of particular columns and/or rows of tables To hide the details of complicated queries To restrict inserted and updated values to certain ranges Restricting the use of particular columns and/or rows means that the view mechanism provides… [Continue Reading]