ASSESSMENT TASK1 THEORETICAL QUES.
Q1. Explain the following fixed server/database roles that exist in SQL Server:
a) Sysadmin
b) Securityadmin
c) Dbcreator
d) Db_owner
e) Db_accessadmin
f) Db_securityadmin
Ans.:
a) Sysadmin: The sysadmin fixed server role can perform any activity in the server. The local Administrators group is a member of the sysadmin fixed server role. Users with the sysadmin server role have complete control of your server. There is a vulnerability database to run sql codes internal sql injection.
b) Securityadmin: Members of the securityadmin fixed server role manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions. They can also do so for database-level permissions if they have access to a database.
c) Dbcreator: The dbcreator fixed server role can create databases, and can alter and restore their own databases. This role lets a login create databases. Its members are typically normal users who belong to development teams and the like. The owner of a given database can do anything within that particular database.
d) Db_owner: The db_owner fixed database role can perform all configuration and maintenance activities on the database, and can also drop the database. You can add other SQL Server roles into a database role. Each member of a fixed database role can add other logins to the same role.
e) Db_accessadmin: The db_accessadmin fixed database role can add or remove access for Windows logins, Windows groups, and SQL Server logins. It is going to allow native
If the DBA revokes the CREATE SESSION privilege from a user account, the user can’t
* Specialist and technical staff who are on hand in schools to provide knowledge and resources that support learning and teaching. * Site staff ensures that the environment is clean, safe and tidy and make sure meals are available at lunch time.
1. Least privilege: SQL accounts will have least privilege. Each SQL account can do a unique task. Some dummy accounts with no privileges will be created. So, if the system is compromised then the database is still protected. Only 2 accounts will have full access (What Is the Principle of Least Privilege (POLP)? A Best Practice for Information Security and Compliance).
Formal user access control procedures must be documented, implemented and kept up to date for each application and information system to ensure authorised user access and to prevent unauthorised access. They must cover all stages of the lifecycle of user access, from the initial registration of new users to the final de-registration of users who no longer require access. These must be agreed by IDI. User access rights must be reviewed at regular intervals to ensure that the appropriate rights are still allocated. System administration accounts must only be provided to users that are required to perform system administration tasks.
Is used a lot in colleges and schools it provides access to the right user it also manages and develops user’s access to computing resources; every user has to make a username and a password. The admin users can search the directory and access the central and departmental file servers, apps and printers across the network. It also makes sure the IT security is in good strength. Account management lowers the computing costs by reducing the number of servers needed for their department.
So, a server manages the accounts through Active Directory, which is very useful for users as it helps them manage their accounts without restricting them from basic functions. The way it works at St. Thomas More (STM) is that when students log on they need a username and password. After they enter their credentials, the server checks whether they match the details held on the server: if they are the same, the user is allowed access to the account; if they are different, access is refused. The STM servers are split up into different groups such as staff, students and canteen staff. You can have people that are in multiple groups. This is the role of the server that helps you log
A firewall will be used so that unauthorized users will be restricted. Part of security will be a different user account and password for each member.
mandatory and discretionary access control policies. ACM Transactions on Information and System Security, Vol. 3, No. 2.
The organization has a security objective of protecting the database from being altered. Since the data is held in the system, there are regulations that have been set to the users, and there are also limits to the functions that each user performs. In this case, there are three categories of users each with clearly defined responsibilities. For instance, the administration team has been given full control of the application in that they can even alter codes and perform any variations to the database objects. The other groups of users are the executives; these have the ability to access all the information
The system administrator will monitor performance of systems and provide security measures such as troubleshooting and maintenance. He will also help users to diagnose and solve their problems. He will be involved in adding, deleting or modifying user account information and resetting passwords. He will design and put into place systems, network configurations and network architecture.
- DBA security – Controlling access at the DB level can also serve as a mechanism to protect sensitive data. In this type, there is always an administrator who controls the process of account creation, granting access, revoking roles and assigning the appropriate security level.
Role based access control is an ideology through which access to systems is restricted based on authority given. It is used by organizations with a relatively large number of employees ranging from five hundred to one thousand and above (Sieunarine & University of Oxford, 2011). This is implemented through the mandatory access control or through the discretionary access control. These are the only two ways through which role based access control can be implemented.
The responsibility of a database administrator is to serve as the link between the database designers, knowledge managers and users. The database designers are often brought in to complete specific projects and then move on to other projects at other companies or different departments at the same company. Their job is usually finished when they finish designing the database. While they may be used in the future to perform some
Beyond that server roles include things like managing the company email and website, print services, backups and Active Directory.
User accounts should be limited and not granted excessive authorizations, especially the ability to access administrative functions such as reading and/or writing source code and source code trees.