RSS

Category Archives: Security

SQL 2016 Row-Level Security Demo: Users with various clearance levels

SQL 2016 Row-Level Security Demo: Users with various clearance levels

SQL 2016 is right around the corner and one of the new security enhancements promised is Row-Level security for tables.  It’s a great new feature and pretty easy to implement.  I have created a simple demo that gives various users access to data based on specific clearance level to the data.  Feel free to modify the code and play around with it how to see fit.  There are many different ways to setup Row-Level security and this is just one scenario.  One of the things you’ll notice if you go through the scripts below is that the dbo user does not have access to the data after the the security policy is applied.  This is key for many environments where customers do not want administrators to have access to sensitive data.  Of course anyone with good coding skills and the proper permissions could circumvent that, but that’s why we put auditing measures in place 🙂

I’ve broken up the code into three sections.  The first is for setting up the database and permissions.  The second section creates the tables in the database and puts test data in them.  The third section is for the creation of the function and security policy which enables Row-Level Security. After creating the function and security policy, go back to the second section and re-run the select statements to see the security policy in action.  This demo was created on SQL 2016 CTP 2.2.  If you are interested in learning more about Row-Level Security and to see some other demos please refer to this webinar from PASS.

Read the rest of this entry »

 

Tags: , , ,

Podcast about my career and the SQL Server Community with Chris Bell

Podcast about my career and the SQL Server Community with Chris Bell

During my time at SQL Saturday in Philadelphia (Early June), Chris Bell invited me to be a guest on his Podcast.  Here is the result of that fun interaction 🙂

https://wateroxconsulting.com/archives/podcast/010-ayman-el-ghazali/

I just want to reiterate my thanks to everyone who ever helped me on my career path from my colleagues at work to my colleagues in the field. HUGE THANK YOU!

I hope you enjoy it!

 

Tags:

SQL Saturday 294 Philadelphia, Nostalgic!

SQL Saturday 294 Philadelphia, Nostalgic!

Less than a week left and I’m extremely excited about SQL Saturday in Philly on June 7th, 2014 and the Precon the day before (I signed up for Allan Hirt’s).  I lived in Philadelphia for about 10 years during which I went to college, had my first two full-time jobs, and my first to kids were born in that area. This SQL Saturday is going to be a blast from the past for me.  The actual event takes place in Malvern PA which is off of 202 in the Northwestern Region of the Philadelphia suburbs.  It is part of the “mainline” and close to Valley Forge, King of Prussia and other historic/tourist attractions.  I used to work in the Mainline area for Johnson Matthey in Wayne (and part time in Malvern) so I’m very excited about taking this trip back to visit friends and family.

For those of you that don’t know about SQL Saturday it is a fantastic event. Here are some of the reasons I’ve encouraged people to attend SQL Saturday events:

Read the rest of this entry »

 

Tags: , , , , ,

Social Engineering: How to prevent unauthorized access to SQL Server using SQL Logins

Social Engineering: How to prevent unauthorized access to SQL Server using SQL Logins

People are always concerned about Security when it comes to their data.  I don’t blame them, I love keeping my job and I love to protect the sensitive data we store. You also don’t want someone with little SQL skills going in and running huge queries that bring the server to a screeching halt. In all honesty though, security has a HUGE aspect that is outside the realm of anyone’s technical expertise, it’s the “social factor” of security that is tricky.

Read the rest of this entry »

 

Tags: ,

SQL Server Management Studio Rainbow Edition

SQL Server Management Studio Rainbow Edition

Ever wanted to know the reason behind the Database color scheme in SQL Server Management Studio?

I have always wondered why all the Databases in management studio were Yellow (Online), Grey (Read-Only), Lighter Yellow with text next to it (something like Restoring), or Yellow with a Red Icon (Offline). Have you ever wondered why there aren’t any more useful colors like Red for when a Transaction Log is Full or Purple when your Statistics are Outdated. I have a theory on this that I have entitled “The Theory that you have to actually work to call yourself a DBA.”

colorful databases

Read the rest of this entry »

 

Tags: , , , , , , , ,

How to Avoid a Database “Heart Attack”

How to Avoid a Database “Heart Attack”

For the past couple of months I have been working with Ben Weiss a Digital Marketing Strategist at Infusive Solutions (http://www.infusivesolutions.com/). Our partnership was based on a mutual understanding that there is much needed career growth and guidance among IT Professionals. Since my background is primarily with Database Management Systems I have been helping him with writing articles, guides, and even interview questions for top professionals in the field, all for the purpose of furthering the careers of IT professionals.

Our latest project is a Lessons Learned pamphlet based on several articles I wrote about a year ago after attending open heart surgery (as an observer, not a patient). Here is the link to the final product, I hope you enjoy and benefit from it.

Here is a link to a summary of the project
http://www.infusivesolutions.com/blog/bid/98928/3-Ways-Business-Observation-Catalyzes-SQL-Server-DBA-Job-Growth

 

Tags: , , , , , , , ,

What if your database server was hacked and all your data was deleted?

What if your database server was hacked and all your data was deleted?

Recently in the news an article circulated about a coordinated attack by a team of hackers known as Anonymous. Information about this incident is all over the internet here is one article with details RT News.

Part of that attack included deleting a database belonging to the Israeli Foreign Ministry. The details are not clear, but I wanted to write about what may have happened and how you can prevent it or recover from it in your own environment.

Read the rest of this entry »

 

Tags: , , , , ,

 
%d bloggers like this: