The goal of this presentation is to teach you what you need to know as a developer about security within SQL Server. We'll look at using groups rather than individual logins for authentication and why it's useful to assign permissions to roles instead of users. From there we'll dive into permissions at the object level, starting with how to grant access to a table, allow execution of a stored procedure, and using a view to further restrict access when needed. This leads into the conversation about using all stored procedures, all dynamic SQL, or a hybrid (the most common) - the part most likely to generate heated discussion at the office! All of this in the context of building a security model that is easy for developers to work with, acceptable to DBA's, and satisfactory to the auditors. Getting good security in place does take some effort, but once it's there it's easy to maintain.

About the speaker: Andy Warren is a SQL Server consultant and trainer based in Orlando, FL, with over 14 years of experience. Focusing on administration, security, and SQL Server patterns and practices, he’s been a SQL Server MVP since 2008. Andy served on the PASS Board of Directors, was a founding principal in SQLServerCentral, and created both the SQLSaturday and SQLRally event models.

Topics: Database Compliance, Database Security
Products: SQL Compliance Manager