Database Administration and Security Quiz

Questions and Answers

What is the primary responsibility of a Database Administrator (DBA)?

• Facilitating development and use of the database (correct)
• Building logical designs
• Enforcing programming standards
• Analyzing and performing business requirements

Which of the following privileges allows a user to remove data from the database?

• INSERT
• SELECT
• ALTER
• DELETE (correct)

In a situation where there is no Data Administrator (DA), what role can the DBA assume?

• Execute some of the DA's functions (correct)
• Focus solely on data backup
• Oversee only the technical aspects of the database
• Only manage user access

Which statement best describes 'roles' in the context of database privileges?

A collection of database access privileges (C)

What is the primary focus of a Data Administrator (DA)?

Analyze data volumes and requirements (B)

Which of the following actions fall under the DBA's managerial services?

Monitoring distribution and use of data (D)

Which privilege begins the process of setting up security in a database?

AUTHENTICATION (C)

What is not a function typically performed by a Database Administrator (DBA)?

Building logical database designs (B)

What must a login be mapped to in order to access a database?

A database user (D)

Which command is used to provide access or privileges on the database objects to users?

GRANT (B)

What happens if a login is not mapped to any database user?

The login can connect to the SQL Server instance but not access database objects. (B)

What is the purpose of the REVOKE command in SQL?

To remove privileges from a user or role (D)

Which of the following statements about database privileges is true?

Each database object can have its own set of privileges assigned. (D)

Which command should be used to allow a user to view and modify data in a database?

GRANT (C)

What is required for a user to access any objects in a database?

Possessing an active login mapped to a database user (B)

If user1 does not have access to myDB, which command is necessary to grant them access?

GRANT (A)

What SQL command is used to create a new login?

CREATE LOGIN login_name WITH PASSWORD = 'password'; (B)

Which statement correctly describes what a role is in SQL?

A role is a collection of privileges that can be assigned to users. (A)

If the user 'user1' has the privilege to UPDATE on the [Names] table, what command would you use to remove this privilege?

REVOKE UPDATE ON [Names] FROM user1; (C)

Which of the following is a valid syntax for changing the name of a login?

ALTER LOGIN login_name_test WITH NAME = newlogin_name; (A)

What will happen if you execute ALTER LOGIN newlogin_name WITH PASSWORD = 'Newpassword'; without the necessary permissions?

An error will occur indicating insufficient privileges. (D)

What is the first command typically issued when creating a user in a specified database?

USE myDB; (B)

What is indicated by the syntax 'USE myDB' in the context of this content?

It specifies the database where all following commands will be executed. (B)

What can members of the db_securityadmin role do?

Manage permissions and potentially elevate their privileges. (C)

Which role allows members to add, delete, or modify data in user tables?

db_datawriter (A)

What privilege do members of the db_backupoperator role possess?

Back up the database. (B)

Which role's members can run any Data Definition Language (DDL) command in a database?

db_ddladmin (C)

What can a user with the db_owner fixed-database role do?

Drop the database (B)

What is a key limitation of members of the db_denydatawriter role?

They cannot add, modify, or delete any data in user tables. (C)

Which role is responsible for managing access to the database for SQL Server logins?

db_accessadmin (B)

Which fixed-database role would prevent a user from reading any data in user tables?

db_denydatareader (D)

What is the purpose of user-defined database roles?

To create custom roles based on specific needs (B)

Which of the following roles cannot modify role memberships?

db_backupoperator (C)

How would you assign a user to the db_owner role in a database called myDB?

USE myDB; ALTER ROLE db_owner ADD MEMBER user1 (C)

Which role can read all data from user tables?

db_datareader (A)

Which fixed-database role allows viewing and updating data in table names?

db_securityadmin (C)

What happens when a user is assigned to the db_denydatareader role?

They cannot read any data from user tables (A)

Which statement about fixed-database roles is true?

They are predefined and cannot be modified (B)

What does the db_securityadmin role primarily permit a user to do?

View and modify security-related roles and permissions (D)

Which of the following best describes the Database Administrator (DBA) role?

To ensure optimal database performance and security (D)

What is one main responsibility of the Data Administrator (DA) during database creation?

Building a logical model of the database (C)

Which statement accurately reflects the role of security measures from the DBA’s perspective?

Security measures prevent service degradation and data loss. (C)

What does the SQL security model primarily provide?

Syntax to specify security restrictions (A)

Why is it important to implement security measures in an organization?

To protect data from corruption and unauthorized access (C)

What could potentially happen without proper security measures in place?

Loss or corruption of valuable data (D)

Who is typically responsible for enforcing the SQL security restrictions in a database?

Database Management System (DBMS) (B)

Flashcards

Data Administrator (DA) role

Management role focusing on controlling corporate data resources (both computerized and manual).

Database Administrator (DBA) role

Maintains a successful database environment, ensuring security and maintenance.

Database Security

DBMS features and measures to meet organizational security requirements.

SQL Security Model

Basic syntax for specifying security restrictions in a database system.

Users (in database context)

People or programs interacting with database objects.

DA's role in database design

Defines the logical structure of the database (what data it contains).

DBA's role in database design

Develops and maintains the physical implementation of the database.

Database security purpose

Protects the DBMS and the database against unauthorized access, loss, and mishandling.

SQL LOGIN

A SQL account that allows access to the database server.

SQL USER

An account within a specific database that has permissions to access its objects.

CREATE LOGIN

SQL command to create a new server login account.

CREATE USER

SQL command to create a new database user account.

GRANT

SQL command to assign permissions to a user or role.

REVOKE

SQL command to remove permissions previously granted to a user or role.

Role

A collection of permissions that can be assigned to users or other roles.

Privilege

A permission to perform a specific action in a database.

SQL Server Login

An account used to connect to the SQL Server service (also called an instance). It's the first step to access databases.

Database User

A user within a specific database that's linked to a login. It's granted permissions to access objects within the database.

Mapping Login to User

Assigning a SQL Server login to a specific database user, allowing the login to access that database.

SQL Server Management Studio (SSMS)

A graphical tool used to manage and administer SQL Server instances and databases.

Database Object

A specific entity within a database, such as tables, views, or stored procedures, that stores and processes data.

Object Owner

The specific user responsible for creating a database object. They control access and modifications.

GRANT Command

SQL command used to grant access or privileges on database objects to users.

REVOKE Command

SQL command used to remove access privileges from users on database objects.

DBMS Authentication

The process by which a database management system (DBMS) verifies the identity of a user attempting to access the system. This involves checking the user's credentials against a database of authorized users.

DBMS Authorization

The process of granting permissions to a user based on their verified identity. Once authenticated, the DBMS determines what actions the user is allowed to perform on the database.

Privileges (DBMS)

Rights granted to users to perform specific actions on database objects. These include basic operations like SELECT, INSERT, DELETE, and UPDATE, as well as more advanced actions like ALTER and INDEX.

Roles (DBMS)

Pre-defined collections of privileges that grant users access to specific database resources. They simplify user management by grouping permissions based on their job responsibilities.

Server-Level Security

Security measures applied at the database server level, including logins and server roles. This controls access to the entire database server instance.

Database-Level Security

Security measures applied at the individual database level, including users and database roles. This controls access to specific databases within the server.

Fixed-Database Roles

Predefined database roles with specific permissions that are built-in to SQL Server.

User-Defined Database Roles

Database roles that you create yourself, allowing you to customize permissions for specific tasks.

db_owner

A fixed database role allowing users to perform all configuration and maintenance tasks on a database.

db_securityadmin

A fixed database role allowing users to manage database security settings.

db_denydatareader

A fixed database role specifically designed to prevent users from reading any data in user tables within a database.

How to assign a database role

To assign a database role to a user, use ALTER ROLE followed by the role name, ADD MEMBER, and the username. Example: ALTER ROLE db_owner ADD MEMBER user1.

User-defined roles and permissions

You can create custom roles with specific permissions to grant access to data or perform specific actions.

What does 'USE myDB' do?

The 'USE myDB' command selects the database called 'myDB' as the current database for further operations.

db_accessadmin

A fixed database role that enables adding or removing access to the database for Windows logins, groups, and SQL Server logins.

db_backupoperator

A fixed database role that allows backing up the database.

db_ddladmin

A fixed database role that lets users execute any Data Definition Language (DDL) commands on the database.

db_datawriter

A fixed database role that allows users to add, delete, or modify data within all user tables.

db_datareader

A fixed database role that allows users to read data from all user tables.

db_denydatawriter

A fixed database role that restricts users from adding, modifying, or deleting any data in the user tables of the database.

Study Notes

Database Administration and Security

• Database security is the set of measures to protect DBMS against service degradation and loss, etc.
• Data Administrator (DA) manages overall corporate data (computerized & manual).
• Database Administrator (DBA) maintains successful database environments ensuring data security.
• DA defines database contents and boundaries.
• DBA designs, implements, maintains and secures database structures.
• DBA activities often overlap with DA, and DBA takes on DA responsibilities in some cases. DBA services include supporting users, defining & enforcing policies, providing backup & recovery and monitoring database use.
• SQL security model specifies security restrictions that the DBMS enforces.
• Users have IDs and privileges granted to perform actions on specific database tables/rows.
• Database objects include tables, indexes, views etc. that users can manipulate.
• Privileges (e.g., SELECT, INSERT, DELETE, UPDATE) control user actions on these objects.
• Roles group database access privileges, allowing authorized users to connect and use resources.

Database Security Concepts

• Security begins with authentication and authorization. Individual users, groups, or processes have access to SQL server.
• Server-level access involves logins and server roles.
• Database-level access includes users and database roles.
• Logins link to database users for object access.
• Appropriate logins are required to access any database objects.
• GRANT provides user access or privileges on database objects.
• REVOKE removes privileges granted to users or roles.

Creating and Managing Logins and Users

• CREATE LOGIN command creates new logins.
• ALTER LOGIN command changes login credentials.
• Object Explorer allows viewing created logins and changes in security settings.
• Using ALTER LOGIN to modify a login name, or password.
• Creating a new user within the database.
• Mapping a login to a database user.

Roles and Privileges

• Roles are collections of privileges granted to users.
• Effective method of managing user access and privileges.
• Types of roles are fixed roles defined in database and user-defined roles.
• Fixed database roles: db_owner, db_securityadmin, db_accessadmin, db_backupoperator, db_ddladmin, db_datawriter, db_datareader, db_denydatawriter, db_denydatareader.
• Custom roles can be created for specific tasks based on organizational needs.