There have been calls for governmental security regulations for IT. Is that a good thing? Steve Jones comments today.  Read more...

If you think through the web sites you visit on a daily basis the chances are that you will need to login to verify who you are. In most cases your username would be stored in a relational database along with all the other registered users on that web site. Hopefully your password will be encrypted and not stored in plain text.   Read more...

I have a requirement to implement a custom security scheme where roles and the user's place in the organization hierarchy are used to determine which customers a user can access. In particular the requirements are that a sales person can only access their customers and any other role can access any customer in their level of the organization hierarchy and below. We have a simple hierarchy that is made up of regions and offices. Can you provide us with an example of how to do this?  Read more...

SQL Server impersonation, or context switching, is a means to allow the executing user to assume the permissions of a given user or login until the context is set back, set to yet another user, or the session is ended. Deanna Dicken shows you two mechanisms for accomplishing this task and walks through some examples.  Read more...

Is it a problem for SQL Server to have a backdoor that lets a Windows Administrator connect as a sysadmin? Steve Jones thinks so and gives a reason why this might be a problem.  Read more...

Join BI Architect Bill Pearson in this introduction to Security in Analysis Services 2008. Here we explore security concepts and implementation, and look forward to hands-on practice with security in other articles of this subseries.  Read more...

Arrogance has no place in assessing threats and attempting to build security to mitigate them.  Read more...

Many experienced DBAs understand the issues with matching up users and logins in a restored database. But what do you do when the database is read only? New author Tychang Chen brings us a technique that can help.  Read more...

Steve Jones thinks Microsoft is making a fundamental security mistake in the way they build features for the various editions of SQL Server. Read today's editorial and see if you agree.  Read more...

Steve Jones thinks Microsoft is making a fundamental security mistake in the way they build features for the various editions of SQL Server. Read today's editorial and see if you agree.  Read more...

Steve Jones thinks Microsoft is making a fundamental security mistake in the way they build features for the various editions of SQL Server. Read today's editorial and see if you agree.  Read more...

Steve Jones thinks Microsoft is making a fundamental security mistake in the way they build features for the various editions of SQL Server. Read today's editorial and see if you agree.  Read more...

I know there are fixed database roles that come with SQL Server. How do I best use them within my installations? What should I watch out for? In this tip we will cover each of the database roles and recommendations on when to and when not to use them.  Read more...

Learn how to create a certificate signed stored procedure to solve common permissions problems using sp_send_dbmail. MVP Jonathan Kehayias brings us a short tutorial that discusses your options and code to show you how to implement certificate security.  Read more...

What do you do when you run an SSIS package and it works, but it fails when scheduled? You might have a credential problem. Robert Pearl brings us a solution to a cryptic message that prevents you from scheduling a package.  Read more...

I know there are fixed server roles that come with SQL Server. How do I best use them within my installations? What should I watch out for?  Read more...

Permissions on our development servers are considerably less stringent than elsewhere with developers afforded the freedom to restore backup’s ad-hoc....  Read more...

Read more...

We aren't necessarily liable for data breaches at our company, but will that last forever? Steve Jones talks about some things that you might want implement to ensure that you aren't liable if there ever is a security issue.  Read more...

Encryption of data at rest is becoming more and more crucial in today’s world. This tip is aimed to help businesses that do not have the budgets or resources to purchase hardware encryption tools or to upgrade to SQL 2008. It basically illustrates how to achive transparent file encryption with SQL 2005 or SQL 2000.  Read more...