The DENY statement prevents users from performing actions. This means that the statement removes existing permissions from user accounts or prevents users from gaining permissions through their group/role membership that might be granted in the future. This statement has the following syntax: All options of the DENY statement have the same logical meaning as the… [Continue Reading]
Security System of the Database Engine
Managing Permissions Using Management Studio
Database users can perform activities that are granted to them. In this case, there is a corresponding entry in the sys.database_permissions catalog view (that is, the value of the state column is set to G for grant). A negative entry in the table prevents a user from performing activities. The entry D (deny) in the… [Continue Reading]
Managing Authorization and Authentication of Contained Databases
As you already know from Chapter “Data Definition Language“, contained databases have no configuration dependencies on the server instance where they are created and can therefore be easily moved from one instance of the Database Engine to another one. In this section you will learn how to authenticate users for contained databases. Each user that… [Continue Reading]
Change Tracking
Change tracking refers to documenting all insert, update, and delete activities that are applied to tables of the database. These changes can then be viewed to find out who accessed the data and when they accessed it. There are two ways to do it: Using triggers Using change data capture (CDC) You can use triggers… [Continue Reading]
Data Security and Views
As already stated in Chapter “Views“, views can be used for the following purposes: To restrict the use of particular columns and/or rows of tables To hide the details of complicated queries To restrict inserted and updated values to certain ranges Restricting the use of particular columns and/or rows means that the view mechanism provides… [Continue Reading]
