Lab Modulo 3 SQL Server
Lab Modulo 3 SQL Server
Es
te
do
Task 2: Grant Permissions on Objects
cu
m en
to
pe
rte
No lui ne
es sg ce
tán aL u ille
1. Review
pe the supplied
rm
o
uissecurity requirements in the scenario for this lab.
rm co Gu
itid rre ille
as a@ rm
las gm o
Co should be assigned at the object level.
2. Determine the permissions
co
p
ail
.
that
rre
ias co aL
sin m op
au era
tor .
3. Start SQL Server Management
iza Studio and connect to the MIA-SQL database
ció
. n
engine using Windows authentication.
4. On the File menu, point to New, and then click Query with Current
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 1/9
30/1/2019 Librería
Connection.
5. In the new query window, type the following code to grant permissions for the e-
commerce application to read data from the Products.vProductCatalog view
and insert rows into the Sales.SalesOrderHeader and Sales.SalesOrderDetail
Etables:
ste
do
cu
me
nto
pe
rte
NUSE
oe l uis ne
stá
InternetSales;
g uil
ce
ler aL
np m uis
GO e rm o co Gu
itid rre ille
as a@ rm
las gm oC
co ail orr
pia .co ea
s
GRANT SELECT ON siProducts.vProductCatalog m Lo TO WebApplicationSvc;
na pe
uto ra.
GRANT INSERT ON Sales.SalesOrderHeader riz TO WebApplicationSvc;
ac
ión
.
GRANT INSERT ON Sales.SalesOrderDetail TO WebApplicationSvc;
GO
Es
te
do
cu
6. Belowmthe
en code that you have just entered, type the following code to grant
to
pe
permissions rtfor
en all sales employees and managers to read data from the
No lui ec
es s gu ea
án tlle i Lu
Customer
pe
r
table:
rm
o is
Gu
mi co
tid rre ille
as a@ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
GRANT SELECT ON Customers.Customer
i na pe TO Database_Managers;
uto ra.
riz
GRANT SELECT a
ON Customers.Customer
ció TO InternetSales_Managers;
n.
GRANT SELECT ON Customers.Customer TO InternetSales_Users;
GO
Es
te
do
cu
m
7. On the etoolbar,
nto click Execute.
pe
rte
No lui ne
e sg ce
8. stá
Minimize SQL
ille Server u
ui Management Studio and open a command prompt.
aL
np rm
erm oc sG
itid orr uil
ler
as ea
l mo @
9. At the command a s c prompt,
op
g ma type Co the following command to open
rre
the sqlcmd utility
il.c
ias om aL
as adventureworks\anthonyfrizzell,
sin
au
op
era who is a member of the IT_Support
tor .
group, and then press Enter: iza
ció
n.
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 2/9
30/1/2019 Librería
10. At the command prompt, when you are prompted for a password, type
Pa$$w0rd, and press Enter.
11. In the SQLCMD window, at the command prompt, type the following command
Es
toteverify
do your identity, and then press Enter:
cu
me
nto
pe
rte
No lui ne
e sg ce
stá
SELECT uil
suser_name(); aL
np ler uis
erm m oc
o Gu
GO i tid r rea ille
as @ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
12. In the SQLCMD window, atacthe i z
ión command prompt, type the following commands
.
to verify that Anthony can access the Customer table through his membership
of the IT_Support global group, and hence the Database Managers local
group and SQL Server login, and then press Enter:
Es
te
do
cu
me
nto
pe
USE InternetSales;
No l
rte
n
uis ec
es gu ea
GO tán ille Lu
pe rm is
rm oc Gu
iTOP
tid orr ille
SELECT as 5 e
FirstName,
a rm LastName FROM Customers.Customer;
las @ oC
gm
co ail orr
GO pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
n.
Task E3:
s
Deny Permissions on Objects
te
do
cu
me
nto
pe
ten r
1. You
No realize
e
lui
sg that ec the Database_Managers do not need to access the customer
e
stá uil a
np erm Lu l
information,
erm soocdecide
is to deny them access.
G
itid orr uil
as ea ler
las @ m oC
gm
2. co
In SQL Server Management
ail oStudio,
rre in the query window, below the existing
pia .co a ss m Lo
in p
era the Database_Managers user SELECT
code, type the followingau code to deny
to .
riz
ció a
permissions on the Customer n. table:
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 3/9
30/1/2019 Librería
3. Select the code that you have just typed, and then click Execute.
Es
te
do
4. In thecumSQLCMD
en window, at the command prompt, type the following command
to
er p
to
N verify
lu that teAnthony
ne is now denied access to the Customer table, and then
oe isg ce
stá ille u aL
press n Enter:
p rm uis
erm oc Gu
itid orr ille
as ea rm
las @ oC
gm
co ail orr
pia .co ea
SELECT TOP 5 s
FirstName,
sin m Lo
LastName FROM Customers.Customer;
pe
au ra.
tor
GO iza
ció
n.
Es
te
do
cu
m
Task 4: Revoke
en
to Permissions on Objects
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm Gu oc
1. You realize
itid that,oralthough
a r e a
ille the Database_Managers users do not need to
r
sl @ mo
sc m Co a g
access the customer
op information,
ail
.c rre Anthony is a member of another group and
ias om aL
therefore does needsiaccess
na
u to theopetable.
ra. You decide to revoke the deny
tor
ac iz
permission that you have implemented,
ión leaving Anthony to inherit permissions
.
from his other group membership.
2. In SQL Server Management Studio, in the query window, below the existing
Es
code,
te
do type the following code to deny the Database_Managers user SELECT
cu
m
permissions
en
to on the Customer table:
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
REVOKE iSELECT
tid o rre ON Customers.Customer
ille TO Database_Managers;
as a@ rm
las gm oC
GO co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
n.
3. Select the code that you have just typed, and then click Execute.
4. In the SQLCMD window, at the command prompt, type the following command
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 4/9
30/1/2019 Librería
to verify that Anthony can access the Customer table through his membership
of the Sales_Managers global group, and hence the InternetSales_Managers
local group and SQL Server login, and then press Enter:
8. Leave SQL Server Management Studio open for the next exercise.
Es
te
do
cu
me
nto
pe
rte
No lui ne
Result: s
es Aftergcompleting ce
tán uil
ler a L this exercise, you will have assigned the required object-
pe mo uis
level permissions.
rm
itid
co
rre
Gu
ille
as a @ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
Exercise 2: Granting EXECUTE Permissions on Code tor
iza
ció
n.
USE InternetSales;
GO
1. In the command prompt window, at the command prompt, type the following
Ecommand
ste
to open the sqlcmd utility as adventureworks\deannaball, who is a
do
member cu
me of the IT_Support group, and then press Enter:
nto
pe
rte
No lui ne
es sgu ce
tán ille aL
rm uis
runasper/user:adventureworks\deannaball /noprofile sqlcmd
mi o co Gu
tid rre ille
as a@ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
in p
2. At the command prompt,tor when youerare a u a. prompted for a password, type
iza
ció
Pa$$w0rd, and then press Enter. n.
3. In the SQLCMD window, at the command prompt, type the following commands
to verify that Deanna can run the stored procedure, and then press Enter:
Es
te
do
cu
me
nto
ert p
N
USE InternetSales;
lu en
oe isg ec
stá uil
aL e
GO n p uis ler
erm mo
co Gu
EXECUTEitidProducts.ChangeProductPrice
as
rre
a@
ille
rm 1, 2;
las gm oC
co ail orr
GO pia
ss
.co
m
ea
Lo
in pe
au ra.
tor
iza
ció
n.
4. In the SQLCMD window, at the command prompt, type exit, and then press
Enter.
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 6/9
30/1/2019 Librería
5. In SQL Server Management Studio, in the query window, below the existing
code, type the following code to check that the stored procedure updated the
price:
Es
te
Result:doAfter
cu
me
completing this exercise, you will have assigned the required
n
EXECUTE permissions
to on stored procedures.
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea
Exercise 3: Granting
las @ Permissions
gm
rm
oC at the Schema Level
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
Task 1: Grant Permission on acSchema
ión
.
1. Review the supplied security requirements in the scenario for this lab.
Es
te
oc d
2. Determine
um the permissions that should be assigned at the schema level.
en
to
pe
rte
3. N
On l
o e the File isg menu, ne
u ce point to New, and then click Query with Current
stá uil aL
np l erm uis
Connection. erm oc
o Gu
itid rre ille
as a@ rm
las gm oC
co ail orr
4. In the new query pwindow,
ias . com type ethe
a L following code to grant permission for the
sin op
e
sales managers to inserttorand a u
iza
updatera.data in the Sales schema, and for the
ció
sales employees and managers n. to read data in the Sales schema:
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 7/9
30/1/2019 Librería
USE InternetSales;
GO
2. At the command prompt, when you are prompted for a password, type
Pa$$w0rd, and then press Enter.
Es
te
do
cu
m
3. In the SQLCMD
en
to window, at the command prompt, type the following commands
pe
r
to lui that teAnthony
No verify ne can access and update sales data, and then press Enter:
e sg ce
stá uil aL
np ler uis
erm mo
co Gu
itid rre ille
as a@ rm
las oC gm
USE InternetSales;
co ail orr
pia .co ea
ss m Lo
GO i n pe
au ra.
tor
iza
ció
n.
SELECT TOP 5 SalesOrderID, CustomerID FROM
Sales.SalesOrderHeader;
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 8/9
30/1/2019 Librería
GO
Result: After completing this exercise, you will have assigned the required
schema-level permissions.
Es
te
do
cu
me
nto
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea rm
las @ oC
gm
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
n.
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 9/9