Sql-server – the difference between a SQL Login and a Database User in terms of security

Securitysql-server-2008

I am currently working with a consulting agency to set up a new production environment. They have set up a separate SQL login for each database.

However, there is no corresponding database user mapped to any of the logins, and all of the logins seem to have full access to any of the databases on the server.

In fact, each login has a check next to all the server roles.

Is this a common practice and is it safe in terms of security?

Best Answer

You can have a login to the SQL Server instance, but no access to a given database. When your login is granted access to a DB, you become a user in that DB.

As for granting max perms via roles to all logins, this is very risky, and not common, or default. Best practice is to use the very lowest perms possible that still allows users to complete their work.

Related Solutions

Sql-server – User in multiple windows groups mapped to sql logins

If I am understanding your question correctly, then yes the user will be able to run both applications with database connection issues.

If User1 is part of Windows Groups Group1 and Group2, and Group1 is mapped as a SQL Server login, as well as Group2 is mapped to a different SQL Server login. ~~And if Group1 is mapped to a database user in Database1 and Group2 is mapped as a database user in Database2, then User1 should have access to both Database1 and Database2.~~ And if Group1 and Group2 are both mapped to TheOnlyDatabase, then the user will have the accumulations of both database users' permissions.

This will return only one of the database users (as expected):

select user_name() as database_user_name

This will return 1 for both queries if the users is a member of both Windows Groups:

select is_member('Domain\Group1') as member_of_group_1

select is_member('Domain\Group2') as member_of_group_2

Sql-server – recommended level of security for a production database

Windows Authentication should be chosen over SQL Server Auth. Windows Auth is inherently more secure, as it's controlled by the OS. Granted, there are times when you won't be able to get around a SQL Server Auth principal because of a third party application, or whatever the surrounding circumstances are.
You should have the amount of respective logins for each logical principal that can connect or could be audited. In other words, if every application uses the same login, and your auditing captures login name, it'll be virtually useless.
You should disable the sa account as it can be a security threat. The reason behind this is because it is extremely well-known login name for SQL Server instances. It takes out a lot of the guessing game for hackers. Disable this account, but ensure there are other appropriate principals with sysadmin privileges.

As for other security measures, they are far and vast. Our own member, mrdenny, has written a book on this very subject. A few pointers are you'll want to keep a tight sand box on your principals. In other words, give only permissions that the principal will need in order to perform the functionality, and no more.

Best Answer

Related Solutions

Sql-server – User in multiple windows groups mapped to sql logins

Sql-server – recommended level of security for a production database

Related Question