Microsoft SQL Server – Part 2
Microsoft SQL Server – Data Files
Databases are physically contained in files. The files usually have the following extensions:
* MDF (Main Database File) for the first data file
* NDF (Next Database File) for other data files
* LDF (Log Database File) for transaction log files
The files are divided into blocks of 8196 bytes called pages, which are organized in blocks of 8 pages called extents. Up to Microsoft SQL Server 2000, rows were limited to a maximum size of 8060 bytes (BLOB columns were not included in this limit). Since Microsoft SQL Server 2005, it is possible to exceed this limit, up to 4 billion bytes. However, it is useful to limit the size of a page to 8096 bytes. A database can only work if all of its files are present.
Data files are grouped logically within the database into filegroups. These files and filegroups can be backed up independently if there is no interdependence between the logical objects in one file and those in another, in particular through referential integrity.
Rights
The service running each instance of SQL Server uses a service account. This account must be chosen carefully to avoid potential security vulnerabilities on the server. It can be: Service System, Local Service (Windows 2003), Network Service (Windows 2003), a local Windows user account, or a domain user account.
SQL Server's task scheduler, SQL Agent, also runs as a service, to which you must assign a service account.
By default, SQL Server uses the Windows authentication system. You can give rights on the various elements of SQL Server to a group or to a user. When connecting to the database, the user is identified by their Windows login and can then access only those database resources on which the administrator has given them rights, either through a Windows group or directly to the user's ID.

When a user accesses a resource external to SQL Server, the access is handled in one of 3 different ways:
* by impersonation: when the Windows layer is configured correctly, the user can access through SQL Server the resources to which they would be entitled with direct access;
* under the service account of the instance, when the user is "sysadmin" and for some tasks;
* access is not allowed in all other cases.
As there are cases where the user cannot be identified by their Windows login, a method of direct identification to SQL Server can be set up. It must be explicitly enabled by the administrator of the instance. With this method, access to a resource outside SQL Server is handled in one of 2 different ways: under the service account of the instance, when the user is sysadmin and for some tasks; access is not allowed in all other cases.
For access to external resources, SQL Server 2005 adds the ability to create credentials, which are Windows accounts recorded just for this purpose. Users can be associated with these Windows accounts for access to external resources.
When a user is connected to an instance, they can have rights on the instance itself and/or on each of the databases managed by the instance. Rights over the instance are given through predefined instance-level roles. Rights to the databases are given through database roles, through Windows groups, or directly to the user.
There are system database roles, which give specific rights on the database, and other roles defined by the administrator, who gives them rights on objects. When access to an instance is given to a user or a Windows group, it has a user space in which objects can be stored whose names are identical to those of objects in another user space. The default user space of the administrators of a database is "dbo" (database owner).
Databases also have application roles, to which rights can be assigned and which are accessible via a password. They are used to prevent users from accessing a database by any means other than the application that is provided to them.
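The application role mechanism described above, as an added T-SQL example that is not part of the original article. The database SalesDb, the table dbo.Orders, the role OrderEntryApp, the Windows group CONTOSO\SalesClerks and the password are constructed placeholders, and the group is assumed to already have a login on the instance.

```sql
-- Added example; every object name and the password are placeholders.

-- Part 1: run once by the database administrator.
USE SalesDb;
GO
CREATE TABLE dbo.Orders (
    OrderId int IDENTITY PRIMARY KEY,
    Amount  money NOT NULL
);

-- The role carries the rights; it is activated with a password.
CREATE APPLICATION ROLE OrderEntryApp
    WITH PASSWORD = '<app-role-password>', DEFAULT_SCHEMA = dbo;
GRANT SELECT, INSERT ON OBJECT::dbo.Orders TO OrderEntryApp;

-- The users only get access to the database. No right on dbo.Orders is
-- granted to them, so a direct connection from another tool cannot read it.
CREATE USER [CONTOSO\SalesClerks] FOR LOGIN [CONTOSO\SalesClerks];
GO

-- Part 2: run by the application on its own connection,
-- after the user has logged in with their Windows account.
USE SalesDb;

-- Effective rights of the connected user before the role is activated.
SELECT USER_NAME() AS principal_before,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS can_select_before;

DECLARE @cookie varbinary(8000);
EXEC sys.sp_setapprole
     @rolename      = N'OrderEntryApp',
     @password      = N'<app-role-password>',
     @fCreateCookie = true,
     @cookie        = @cookie OUTPUT;

-- The connection now runs with the rights of the application role only.
SELECT USER_NAME() AS principal_after,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS can_select_after;

INSERT INTO dbo.Orders (Amount) VALUES (19.90);

-- Return to the original user context before the connection is reused.
EXEC sys.sp_unsetapprole @cookie;
```

The password has to be available to the client application, so the protection holds only as long as it cannot be recovered from that application or from its configuration.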
Study: Thanks to: Wikipedia. Text is available under the Creative Commons
To be continued…

