Career | sql Hammer

MS SQL Server provides a wide range of options to choose from when deciding how to regulate security in our organizations? I’m curious how you handle it?

Do you go full on best practice and run Windows Authentication only, allow service account and security groups only, and define user roles with granular permissions to apply to these accounts?

Do you fold under the pressures of the developers who blame you for their application’s failures and therefore you allow them whatever they claim they need in order to mitigate the blame?

Maybe somewhere in between. I’m eager to hear your methods. Feel free to post comments to elaborate or recommend additional options for the poll. (Mark all that apply)

How do you handle security?

We regulate who has access to the servers but they generally have highly privileged access.
We utilize SQL Authentication heavily.
We utilize Window Authentication with some SQL Authentication.
We utilize Windows Authentication ONLY.
We assign fixed server and database level roles to individuals / security groups.
We authorize service accounts and security groups only. No explicit access to any individual. This helps us maintain security based on the role an employee holds.
We utilize user defined roles and handle the assignment of those roles in database projects. Users are added and removed from security groups to account for change.
We go granular in all cases. Explicit object level permissions applied where needed and only when needed.
Wait why would they need to access the server if they weren't a sysadmin?

View Results

Loading ...

sql Hammer

Knowledge is the goal; Intelligence is how we reach for it.

Category Archives: Career

SQL Server 2008 MCM Readiness Videos

Poll – How do you handle security?