
Lecture 5

Database Security
Abdulmottaleb Elabour
[email protected]

1
What is database security?
Database security is the processes, tools, and controls that secure and protect databases against accidental and
intentional threats. The objective of database security is to secure sensitive data and maintain the confidentiality,
availability, and integrity of the database. In addition to protecting the data within the database, database security
protects the database management system and associated applications, systems, physical and virtual servers, and
network infrastructure.

To answer the question "what is database security," it's important to acknowledge that there are several types of
security risks. Database security must guard against human error, excessive employee database privileges, hacker and
insider attacks, malware, backup storage media exposure, physical damage to database servers, and vulnerable
databases such as unpatched databases or those with too much data in buffers.

2
What is database security?

3
Types of database security
❑ Network security
•Firewalls serve as the first line of defense in database security. Logically, a firewall is a separator or restrictor
of network traffic, which can be configured to enforce your organization's data security policy. If you use a
firewall, you increase security at the operating system level by providing a chokepoint where your security
measures can be focused.

4
Types of database security
❑ Access management
•Authentication is the process of proving the user is who he or she claims to be by entering the correct user
ID and password. Some security solutions allow administrators to centrally manage the identities and
permissions of database users in one central location. This includes the minimization of password storage and
enables centralized password rotation policies.
•Authorization allows each user to access certain data objects and perform certain database operations like
read but not modify data, modify but not delete data, or delete data.
•Access control is managed by the system administrator who assigns permissions to a user within a database.
Permissions are ideally managed by adding user accounts to database roles and assigning database-level
permissions to those roles. For example, row-level security (RLS) allows database administrators to restrict read
and write access to rows of data based on a user's identity, role memberships, or query execution context. RLS
centralizes the access logic within the database itself, which simplifies the application code and reduces the
risk of accidental data disclosure.
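The row-level security described above, as an added T-SQL example that is not part of the lecture. It assumes a Students table with an AdvisorLogin column that names the database user allowed to see each row; the table, the two advisor users and the Security schema are all constructed here for the demonstration.

```sql
-- Added example (not from the lecture): row-level security in SQL Server.
-- Assumed schema: Students.AdvisorLogin holds the database user name of the
-- advisor who may read and write that student's row.
CREATE TABLE dbo.Students
(
    StudentID    INT IDENTITY PRIMARY KEY,
    StuName      NVARCHAR(100) NOT NULL,
    AdvisorLogin SYSNAME       NOT NULL
);

-- Constructed sample rows
INSERT INTO dbo.Students (StuName, AdvisorLogin)
VALUES (N'Ahmed', N'advisor_a'), (N'Fatima', N'advisor_b');

-- Two database users without logins are enough to test inside the database
CREATE USER advisor_a WITHOUT LOGIN;
CREATE USER advisor_b WITHOUT LOGIN;
GRANT SELECT, INSERT ON dbo.Students TO advisor_a, advisor_b;
GO

-- Keep the predicate function in its own schema so ordinary users cannot alter it
CREATE SCHEMA Security;
GO

-- Inline table-valued predicate: returns a row (allow) when the caller is the
-- advisor named in the row, or a db_owner so administrators are never locked out.
CREATE FUNCTION Security.fn_StudentPredicate(@AdvisorLogin AS SYSNAME)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_result
           WHERE @AdvisorLogin = USER_NAME()
              OR IS_MEMBER('db_owner') = 1;
GO

-- The security policy binds the predicate to the table:
-- FILTER hides rows the caller may not read; BLOCK rejects inserts that would
-- create rows the caller could not see afterwards.
CREATE SECURITY POLICY Security.StudentPolicy
    ADD FILTER PREDICATE Security.fn_StudentPredicate(AdvisorLogin) ON dbo.Students,
    ADD BLOCK  PREDICATE Security.fn_StudentPredicate(AdvisorLogin) ON dbo.Students AFTER INSERT
    WITH (STATE = ON);
GO

-- Check the policy by impersonating each advisor in turn
EXECUTE AS USER = 'advisor_a';
SELECT StudentID, StuName, AdvisorLogin FROM dbo.Students;
REVERT;

EXECUTE AS USER = 'advisor_b';
SELECT StudentID, StuName, AdvisorLogin FROM dbo.Students;
-- An insert that names a different advisor is rejected by the BLOCK predicate
INSERT INTO dbo.Students (StuName, AdvisorLogin) VALUES (N'Omar', N'advisor_a');
REVERT;
```

With the policy on, advisor_a's SELECT returns only Ahmed's row and advisor_b's only Fatima's, and the final INSERT fails because advisor_b would not be able to see the row it creates. The access rule lives in one place in the database, so application code does not have to append a WHERE clause to every query, which is the point the slide makes.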
5
Types of database security

❑ Threat protection
•Auditing tracks database activities and helps maintain compliance with security standards by recording
database events to an audit log. This allows you to monitor ongoing database activities, as well as analyze and
investigate historical activity to identify potential threats or suspected abuse and security violations.
•Threat detection uncovers anomalous database activities that indicate a potential security threat to the
database and can surface information about suspicious events directly to the administrator.
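The auditing described above, as an added T-SQL example that is not part of the lecture: a SQL Server Audit writing to a file, a server audit specification for login events, and a database audit specification for access to one table in the university database. The file path, the students table and the audit names are assumptions.

```sql
-- Added example (not from the lecture): SQL Server Audit.
-- Assumed: the folder D:\SQLAudit\ exists and the SQL Server service account can write to it.
USE master;
GO
CREATE SERVER AUDIT Audit_University
    TO FILE (FILEPATH = 'D:\SQLAudit\')
    WITH (ON_FAILURE = CONTINUE);   -- FAIL_OPERATION would refuse audited actions when logging fails
ALTER SERVER AUDIT Audit_University WITH (STATE = ON);
GO

-- Server level: failed logins and changes to logins/server roles
CREATE SERVER AUDIT SPECIFICATION Audit_University_Server
    FOR SERVER AUDIT Audit_University
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP)
    WITH (STATE = ON);
GO

-- Database level: who reads or changes the students table, and who changes role membership
USE university;
GO
CREATE DATABASE AUDIT SPECIFICATION Audit_Students_Access
    FOR SERVER AUDIT Audit_University
    ADD (SELECT, UPDATE, DELETE ON OBJECT::dbo.students BY public),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP)
    WITH (STATE = ON);
GO

-- Read the audit log back: who did what, when, whether it succeeded, and the statement text
SELECT event_time, server_principal_name, database_principal_name,
       action_id, object_name, succeeded, statement
FROM sys.fn_get_audit_file('D:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

Auditing "BY public" captures every principal, including members of sysadmin, so privileged activity is recorded alongside ordinary use; the last query is the starting point for the historical investigation the slide mentions.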

6
Types of database security
Information protection
•Data encryption secures sensitive data by converting it into an alternative format so only the intended parties
can decipher it back to its original form and access it. Although encryption doesn't solve access control problems,
it enhances security by limiting data loss when access controls are bypassed. For example, if the database host
computer is misconfigured and a malicious user obtains sensitive data, such as credit card numbers, that stolen
information might be useless if it’s encrypted.
•Database backup and recovery is critical to protecting information. This process involves making backup
copies of the database and log files on a regular basis and storing the copies in a secure location. The backup
copies and log files are then available to restore the database in the event of a security breach or failure.
•Physical security strictly limits access to the physical server and hardware components. Many organizations with
on-premises databases use locked rooms with restricted access for the database server hardware and networking
devices. It's also important to limit access to backup media by storing it at a secure offsite location.
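The encryption and backup points above, as an added T-SQL example that is not part of the lecture: Transparent Data Encryption (TDE) for the university database, a backup of the certificate that protects it, and an encrypted database backup. The certificate name, file paths and passwords are placeholders.

```sql
-- Added example (not from the lecture): TDE plus encrypted backups.
-- Passwords and paths below are placeholders; D:\KeyBackup\ and D:\Backups\ are assumed to exist.
USE master;
GO
-- Database master key in master, and a certificate that will protect the database encryption key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'DMK-Placeholder-Pw1!';
CREATE CERTIFICATE TDE_University_Cert WITH SUBJECT = 'TDE certificate for university';
GO

USE university;
GO
-- The database encryption key encrypts data and log files at rest
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_University_Cert;
ALTER DATABASE university SET ENCRYPTION ON;
GO

-- Back up the certificate and its private key: without them the data files and
-- any TDE-protected backup cannot be restored on another server.
USE master;
GO
BACKUP CERTIFICATE TDE_University_Cert
    TO FILE = 'D:\KeyBackup\TDE_University_Cert.cer'
    WITH PRIVATE KEY (FILE = 'D:\KeyBackup\TDE_University_Cert.pvk',
                      ENCRYPTION BY PASSWORD = 'PvkBackup-Placeholder-Pw1!');

-- Encrypted, compressed full backup; the backup file is useless without the certificate
BACKUP DATABASE university
    TO DISK = 'D:\Backups\university_full.bak'
    WITH ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = TDE_University_Cert),
         COMPRESSION;

-- Check encryption state per database (encryption_state 3 means encrypted)
SELECT DB_NAME(database_id) AS database_name, encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
```

Store the certificate backup files and their password away from the database server and backup media, which is the "secure offsite location" point on the slide applied to the key material; in production a separate certificate for backup encryption is preferable to reusing the TDE certificate.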

7
SQL Server Security
❑ Server-level roles
Fixed server-level role and description:
• sysadmin: Members of the sysadmin fixed server role can perform any activity in the server.
• serveradmin: Members of the serveradmin fixed server role can change server-wide configuration options and shut down the server.
• securityadmin: Members of the securityadmin fixed server role manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions if they have access to a database. Additionally, they can reset passwords for SQL Server logins.
8
SQL Server Security
❑ Server-level roles

Fixed server-level role and description:
• processadmin: Members of the processadmin fixed server role can end processes that are running in an instance of SQL Server.
• setupadmin: Members of the setupadmin fixed server role can add and remove linked servers by using Transact-SQL statements. (sysadmin membership is needed when using Management Studio.)
• bulkadmin: Members of the bulkadmin fixed server role can run the BULK INSERT statement. The bulkadmin role and the ADMINISTER BULK OPERATIONS permission aren't supported for SQL Server on Linux; only sysadmin can perform bulk inserts for SQL Server on Linux.

9
SQL Server Security
❑ Server-level roles

Fixed server-level role and description:
• diskadmin: The diskadmin fixed server role is used for managing disk files.
• dbcreator: Members of the dbcreator fixed server role can create, alter, drop, and restore any database.
• public: Every SQL Server login belongs to the public server role. When a server principal hasn't been granted or denied specific permissions on a securable object, the user inherits the permissions granted to public on that object. Only assign public permissions on an object when you want the object to be available to all users. You can't change membership in public.

10
SQL Server Security
❑ Database-level roles

Fixed database role name and description:
• db_owner: Members of the db_owner fixed database role can perform all configuration and maintenance activities on the database, and can also drop the database in SQL Server. (In SQL Database and Azure Synapse, some maintenance activities require server-level permissions and can't be performed by db_owners.)
• db_securityadmin: Members of the db_securityadmin fixed database role can modify role membership for custom roles only and manage permissions. Members of this role can potentially elevate their privileges and their actions should be monitored.
• db_accessadmin: Members of the db_accessadmin fixed database role can add or remove access to the database for Windows logins, Windows groups, and SQL Server logins.

11
SQL Server Security
❑ Database-level roles

Fixed database role name and description:
• db_backupoperator: Members of the db_backupoperator fixed database role can back up the database.
• db_ddladmin: Members of the db_ddladmin fixed database role can run any Data Definition Language (DDL) command in a database. Members of this role can potentially elevate their privileges by manipulating code that may get executed under high privileges, and their actions should be monitored.
• db_datawriter: Members of the db_datawriter fixed database role can add, delete, or change data in all user tables. In most use cases this role will be combined with db_datareader membership to allow reading the data that is to be modified.
12
SQL Server Security
❑ Database-level roles

Fixed database role name and description:
• db_datareader: Members of the db_datareader fixed database role can read all data from all user tables and views. User objects can exist in any schema except sys and INFORMATION_SCHEMA.
• db_denydatawriter: Members of the db_denydatawriter fixed database role can't add, modify, or delete any data in the user tables within a database.
• db_denydatareader: Members of the db_denydatareader fixed database role can't read any data from the user tables and views within a database.

13
14
In this example, we create the user "ahmed" for the database "university"; ahmed can read
only from the tables courses and studentcourses.

15
In this example, we create the user "fatima" for the database "university"; fatima can read
from all database objects, but she can't perform any write operations.

16
In this example, the user "aisha" can update only the columns stuname and
stuaddress in the table students.
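The three examples above are shown on the slides as screenshots; the statements below are an added T-SQL version that is not part of the lecture. The passwords are placeholders, the tables are assumed to live in the dbo schema, and the stuid key column used in the last grant is an assumption.

```sql
-- Added example (not from the lecture): the three users from slides 14 to 16.
-- Passwords are placeholders; replace them from a secret store, never a script.
USE university;
GO

-- ahmed: SELECT on two tables only (object-level grants)
CREATE LOGIN ahmed WITH PASSWORD = 'Placeholder-ChangeMe-1!';
CREATE USER ahmed FOR LOGIN ahmed;
GRANT SELECT ON dbo.courses TO ahmed;
GRANT SELECT ON dbo.studentcourses TO ahmed;

-- fatima: read everything, write nothing (fixed database roles; DENY wins over any GRANT)
CREATE LOGIN fatima WITH PASSWORD = 'Placeholder-ChangeMe-2!';
CREATE USER fatima FOR LOGIN fatima;
ALTER ROLE db_datareader     ADD MEMBER fatima;
ALTER ROLE db_denydatawriter ADD MEMBER fatima;

-- aisha: UPDATE on two columns of students only (column-level permission).
-- An UPDATE with a WHERE clause also needs SELECT on the columns it reads,
-- so SELECT is granted on the assumed key column and the two updatable columns.
CREATE LOGIN aisha WITH PASSWORD = 'Placeholder-ChangeMe-3!';
CREATE USER aisha FOR LOGIN aisha;
GRANT UPDATE (stuname, stuaddress) ON dbo.students TO aisha;
GRANT SELECT (stuid, stuname, stuaddress) ON dbo.students TO aisha;
GO

-- Verify the effective permissions of each user instead of trusting the script
EXECUTE AS USER = 'aisha';
SELECT permission_name, subentity_name
FROM fn_my_permissions('dbo.students', 'OBJECT');
REVERT;

EXECUTE AS USER = 'fatima';
SELECT permission_name
FROM fn_my_permissions('dbo.students', 'OBJECT');
REVERT;
```

fn_my_permissions lists what the impersonated user can actually do on the object; for aisha the UPDATE and SELECT rows carry the column name in subentity_name, and for fatima only read permissions appear because db_denydatawriter overrides anything granted elsewhere.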

17
SQL Server Security
❑ Application roles

An application role is a database principal that enables an application to run with its own, user-like
permissions. You can use application roles to enable access to specific data to only those users who connect
through a particular application. Unlike database roles, application roles contain no members and are inactive
by default. Application roles are enabled by using command sp_setapprole, which requires a password.
Because application roles are a database-level principal, they can access other databases only through
permissions granted in those databases to guest. Therefore, any database in which guest has been disabled is
inaccessible to application roles in other databases.

18
SQL Server Security
❑ Application roles

The following steps make up the process by which an application role switches security contexts:
1. A user executes a client application.
2. The client application connects to an instance of SQL Server as the user.
3. The application then executes the sp_setapprole stored procedure with a password known
only to the application.
4. If the application role name and password are valid, the application role is enabled.
5. At this point, the connection loses the permissions of the user and assumes the permissions of
the application role.
The permissions acquired through the application role remain in effect for the duration of the
connection.
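The context switch described in the steps above, as an added T-SQL example that is not part of the lecture. The role name, its permissions on the university tables and the password are assumptions; the cookie form of sp_setapprole is used so the application can switch back before returning a pooled connection.

```sql
-- Added example (not from the lecture): creating and activating an application role.
USE university;
GO
-- Step 0 (administrator): the role and the permissions the application needs
CREATE APPLICATION ROLE GradesApp
    WITH PASSWORD = 'AppRole-Placeholder-Pw1!';   -- placeholder; keep the real value in the app's secret store
GRANT SELECT           ON dbo.students       TO GradesApp;
GRANT SELECT, UPDATE   ON dbo.studentcourses TO GradesApp;
GO

-- Steps 3 to 5 (what the application runs after connecting as an ordinary user)
DECLARE @cookie VARBINARY(8000);

SELECT USER_NAME() AS context_before;         -- the connecting user's own name

EXEC sp_setapprole
     @rolename      = 'GradesApp',
     @password      = 'AppRole-Placeholder-Pw1!',
     @fCreateCookie = 1,
     @cookie        = @cookie OUTPUT;

SELECT USER_NAME() AS context_after;          -- now the application role
-- Work done here runs with GradesApp's permissions only, not the user's
SELECT COUNT(*) AS rows_visible FROM dbo.studentcourses;

-- Restore the original user context; without this the role stays active for the
-- life of the connection, which matters when connections are pooled and reused.
EXEC sp_unsetapprole @cookie;
SELECT USER_NAME() AS context_restored;
```

The password is the only thing standing between an ordinary user and the role's permissions, so it belongs in the application's protected configuration, and the final sp_unsetapprole keeps the elevated context from leaking into whatever the pooled connection serves next.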
19
Dynamic Data Masking in SQL Server
Data masking is the process of hiding data according to different rules. One of the main reasons to apply data masking is to protect
Personally Identifiable Information (PII) and sensitive data from unauthorized access. Even when unauthorized users access
this data, they will not be able to view the actual values.

There are four types of Dynamic Data Masking in SQL Server, as given below:

• Default Masking
Default masking is applied depending on the data type. For string data types, the value is masked to 'XXXX'.
This is valid for the char, nchar, varchar, nvarchar, text and ntext data types. The value of numeric data types will
be masked as 0. This is valid for bigint, int, smallint, tinyint, bit, decimal, money, numeric, smallmoney,
float and real. All the date and time data types such as date, datetime2, datetime, datetimeoffset, smalldatetime and time
will be masked as 1900/01/01 00:00:00.

20
Dynamic Data Masking in SQL Server
• Partial Masking
Partial Masking is custom masking that can be applied. In this masking type, you can customize the masking to
satisfy your requirement.

• Random Masking
Random masking is applied to numeric values with a given range. When the value is retrieved, the masked
value is a random number within the range that you have provided.

• Email Masking
Email masking can be used to mask email addresses. Only the first letter of the address is exposed; the rest
is replaced with a constant suffix ending in .com.

21
Dynamic Data Masking in SQL Server
The following table shows how the mask will happen for different masking types.

Masking type, sample data and masked data:
• Default: Dinesh → XXXX
• Partial: Dinesh → DXXXh
• Random: 32 → 1
• Email: [email protected] → [email protected]

22
Implementation of Dynamic Data Masking in SQL Server
Let us create a table with relevant masking functions as shown in the below table script.

CREATE TABLE EmployeeData
(
    MemberID  INT IDENTITY PRIMARY KEY,
    FirstName varchar(100) MASKED WITH (FUNCTION = 'default()'),
    LastName  varchar(100) MASKED WITH (FUNCTION = 'partial(1,"XXX",1)'),
    Email     varchar(100) MASKED WITH (FUNCTION = 'email()'),
    Age       int          MASKED WITH (FUNCTION = 'default()'),
    JoinDate  date         MASKED WITH (FUNCTION = 'default()'),
    LeaveDays int          MASKED WITH (FUNCTION = 'random(1,5)')
);

23
Implementation of Dynamic Data Masking in SQL Server
Let us insert a few records into the table from the following script.

INSERT INTO EmployeeData
    (FirstName, LastName, Email, Age, JoinDate, LeaveDays)
VALUES
    ('ahmed',  'mohamed',  '[email protected]', 27, '2020-01-01', 12),
    ('aisha',  'Ali',      '[email protected]', 22, '2020-01-01', 1),
    ('fatima', 'abdullah', '[email protected]', 37, '2019-11-01', 1),
    ('kamal',  'meftah',   '[email protected]', 26, '2018-01-01', 6);

24
Implementation of Dynamic Data Masking in SQL Server
Let us create a user, with SELECT permission on the table, to demonstrate data masking.

CREATE USER MaskUser WITHOUT LOGIN;
GRANT SELECT ON EmployeeData TO MaskUser;

Let us query the data as that user.

EXECUTE AS USER = 'MaskUser';
SELECT * FROM EmployeeData;
REVERT;   -- return to the original context before granting further permissions

25
Implementation of Dynamic Data Masking in SQL Server
To let the user see the actual values, grant the UNMASK permission:

GRANT UNMASK TO MaskUser;

If you want to find out which columns in the database are masked, you can use the following script.

SELECT OBJECT_NAME(object_id) AS TableName, name, is_masked, masking_function
FROM sys.masked_columns;
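The masked and unmasked views of the same table, as an added T-SQL example that is not part of the lecture. It reuses the EmployeeData table and MaskUser from the slides above and assumes SQL Server 2022 or Azure SQL for the table-scoped UNMASK permission (older versions only support the database-wide GRANT UNMASK shown on the slide).

```sql
-- Added example (not from the lecture): comparing masked and unmasked results,
-- then restricting a masked column outright. Assumes dbo.EmployeeData and
-- MaskUser already exist as created on the previous slides.

-- 1. What the unprivileged user sees: masks applied to every masked column
EXECUTE AS USER = 'MaskUser';
SELECT MemberID, FirstName, LastName, Email, Age, JoinDate, LeaveDays
FROM dbo.EmployeeData;
REVERT;

-- 2. Grant UNMASK on this table only (SQL Server 2022+ / Azure SQL),
--    check the real values are now returned, then take it away again
GRANT UNMASK ON dbo.EmployeeData TO MaskUser;
EXECUTE AS USER = 'MaskUser';
SELECT MemberID, FirstName, Email, Age FROM dbo.EmployeeData;
REVERT;
REVOKE UNMASK ON dbo.EmployeeData FROM MaskUser;

-- 3. Masking changes only the result set; WHERE and ORDER BY still operate on the
--    real values, so a column that must not be learned at all should be denied,
--    not merely masked. Column-level DENY removes it from the user's reach.
DENY SELECT (Age) ON dbo.EmployeeData TO MaskUser;

-- 4. The user can still read the remaining (masked) columns, but SELECT * now fails
EXECUTE AS USER = 'MaskUser';
SELECT MemberID, FirstName, LastName, Email, JoinDate, LeaveDays
FROM dbo.EmployeeData;
REVERT;

-- 5. Which principals hold UNMASK right now (database-wide or on specific objects)
SELECT dp.name AS principal_name, p.permission_name, p.state_desc,
       OBJECT_NAME(p.major_id) AS object_name
FROM sys.database_permissions AS p
JOIN sys.database_principals AS dp ON dp.principal_id = p.grantee_principal_id
WHERE p.permission_name = 'UNMASK';
```

Dynamic Data Masking is a presentation-layer control that limits accidental exposure of sensitive values; the permission grants on the slides, not the mask, decide who can query a column, which is why step 3 pairs the mask with a DENY for data that must stay private.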

26