SQL SERVER – Identifying guest User using Policy Based Management

If you are following my recent blog posts, you may have noticed that I’ve been writing a lot about Guest User in SQL Server. Here are all the blog posts which I have written on this subject:

One of the requests I received was whether we could create a policy that would prevent users unable guest user in user databases. Well, here is a quick tutorial to answer this. Let us see how quickly we can do it.

Requirements

  1. Check if the guest user is disabled in all the user-created databases.
  2. Exclude master, tempdb and msdb database for guest user validation.

We will create the following conditions based on the above two requirements:

  1. If the name of the user is ‘guest’
  2. If the user has connect (@hasDBAccess) permission in the database
  3. Check in All user databases, except: master, tempDB and msdb

Once we create two conditions, we will create a policy which will validate the conditions.

Condition 1: Is the User Guest?

Expand the Database >> Management >> Policy Management >> Conditions

Right click on the Conditions, and click on “New Condition…”. First we will create a condition where we will validate if the user name is ‘guest’, and if it’s so, then we will further validate if it has DB access.

Check the image for the necessary configuration for condition:
Facet: User
Expression:
@Name = ‘guest’

Condition 2: Does the User have DBAccess?

Expand the Database >> Management >> Policy Management >> Conditions

Right click on Conditions and click on “New Condition…”. Now we will validate if the user has DB access.

Check the image for necessary configuration for condition:
Facet: User
Expression:
@hasDBAccess = False

Condition 3: Exclude Databases

Expand the Database >> Management >> Policy Management >> Conditions

Write click on Conditions and click on “New Condition…” Now we will create condition where we will validate if database name is master, tempdb or msdb and if database name is any of them, we will not validate our first one condition with them.

Check the image for necessary configuration for condition:
Facet: Database
Expression:
@Name != ‘msdb’
AND @Name != ‘tempdb’
AND @Name != ‘master’

The next step will be creating a policy which will enforce these conditions.

Creating a Policy

Right click on Policies and click “New Policy…”

Here, we justify what condition we want to validate against what the target is.

Condition: Has User DBAccess
Target Database: Every Database except (master, tempdb and MSDB)
Target User: Every User in Target Database with name ‘guest’

Now we have options for two evaluation modes: 1) On Demand and 2) On Schedule

We will select On Demand in this example; however, you can change the mode to On Schedule through the drop down menu, and select the interval of the evaluation of the policy.

Evaluate the Policies

We have selected OnDemand as our policy evaluation mode. We will now evaluate by means of executing Evaluate policy. Click on Evaluate and it will give the following result:

The result demonstrates that one of the databases has a policy violation. Username guest is enabled in AdventureWorks database. You can disable the guest user by running the following code in AdventureWorks database.

USE AdventureWorks;
REVOKE CONNECT FROM guest;

Once you run above query, you can already evaluate the policy again. Notice that the policy violation is fixed now.

You can change the method of the evaluation policy to On Schedule and validate policy on interval. You can check the history of the policy and detect the violation.

Quiz

I have created three conditions to check if the guest user has database access or not. Now I want to ask you: Is it possible to do the same with 2 conditions? If yes, HOW? If no, WHY NOT?

Reference: Pinal Dave (http://blog.sqlauthority.com)

About these ads

SQLAuthority News – I am Speaking at SQL Saturday 116 – Bangalore, India on January 7, 2012 – First SQL Saturday in India

SQLSaturday 116 is now only 3 days away. SQL Saturday is FREE event all the attendees and 100% SQL community driven. This is very first SQL Saturday in India and I am very much excited that I will be speaking at this event on my favorite subject of SQL Server Performance Tuning. I have so far delivered 100s of presentation on this subject but this subject never gets old and I never ran out of new tips and tricks.

I suggest you mark your calender right now and present at the hall before time to secure your seat.

Session Details

SQL Server Performance Tips and Tricks

In this session we will go over various SQL Server Performance Tuning Tricks and Tips. Learn about top tips and best SQL Server performance practices related to:

  • Unused Indexes
  • Clustered Indexes
  • Importance of Statistics
  • Index Maintenance Scripts
  • ColumnStore Index
  • A Surprise Secret Tip

January 7, 2012 1:30 PM

I will ask 5 questions during my session and needless to say 5 winners will get copy of my book.

The session will be 100% demo oriented and I will share lots of tips and tricks during this session. Just like every other session of mine, this session will have lots of trivia for you as well it will be extremely interactive. If you prefer to stay quite during the session, this session will a perfect technology opener for you. Once you are in the session – you will be talking and discussion various aspect of performance along with your co-attendees and me.

Additionally, I am personally waiting for the sessions of Rick Morelan who is founder of Joes 2 Pros series. Do not miss any of the sessions of SQL Saturday – here is the complete schedule.

My friend Vinod Kumar has written blog on his sessions, read it here.

Note: Session will be not recorded. There will be no live cast of the session.

Reference: Pinal Dave (http://blog.SQLAuthority.com)

SQL SERVER – Mastering the Basics – Igniting Learning – A Unique Learning Experience

It has been my lifelong dream to be an author, and recently I have seen that goal realized three times.  One of the books I am most proud of is SQL Server Interview Questions and Answers. When I wrote SQL Server Interview Questions and Answers – I had very clear idea what my goals were for the book.

My goals were simple:

  1. Mastering the Basics
  2. Igniting Learning

I am very fortunate that my co-author shares the same love and passion for the SQL Server community. Vinod Kumar always believed in my same two goals. Our combined passion for the subject made writing this book a pleasant, even invigorating experience. We always felt this urge to help community and those who are eager to learn more. Years of learning the basics and practicing advanced technology led us to believe that learning the basics is sometimes the most difficult task of all. Once someone masters the basics, advanced concepts come easy. We have kept this in mind as we wrote this book.

A Book for Everyone

This book is not just for people who are looking to get their first job in the information technology field.  If you do not have an upcoming interview, if you already work in the field, but have questions about SQL Server or know that there are topics you should brush up on, then this is the book for you.

You don’t have to have a certain level of experience to get a lot from this book, either.  If you are a beginner you will not be totally confused by the topics – in fact, we tried to lay out the book for beginners.  However, experts will also find a lot to learn in these pages. Too.

Philosophy of the Book

We believe that this book will give advanced users a refresher and beginners a good learning point. We believe that after reading this book, our readers would be ignited to learn more. The goal of this book was not to tell you everything but to tell you enough so that you can learn yourself. Here is the hidden philosophy behind the book:

“Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.” – Source Unknown

Our goal in writing this book was to give our readers a SQL Server fishing pole.  They can then learn how to “fish out” the good answers and solutions to their problems.  This book does not list the most common problems (and interview questions) and then give a long list about exactly what to do.  The point of this book was to teach the readers to think for themselves – and feed themselves for a lifetime.

Mastering the Basics

Recently someone asked me if they could pass an interview just by reading this book. The answer is – interviews are a complex process. One’s goal should not be to merely pass the interview. The goal should be to demonstrate your knowledge and find the right appropriate way to apply your learning. Think of it this way, before attempting to pass an interview just by remembering the right answers – ask yourself if you will be able to perform the real world tasks – the answer can be complex. How about this – learn all you can about the real work job before you go to the interview, and master the subject. Now when you go to the interview or to the real world job, you will always demonstrate superior quality and the ability to perform the necessary tasks.

Igniting Learning

Well, our book is exactly the same. It tells you what you should learn in depth, what you should know in the real world, what kind of information you should collect and master before you go on that interview. Do not use this book as a tool to pass the interview – it will not work that way – consider the book as ‘learning path’. Take each topic covered in the book and dwell on it, think about it and digest it slowly and masterfully. The book is designed in such a way that every important topic has enough reference material listed right below it. You can use the references listed there or do your own search on the subject. Just make sure that the learning experience is complete.

Real World Experience

In a tough job market, it can be easy to look at a job advertisement and think to yourself, “I could do that job.”  You might know just a little bit about a subject, and you think that if you study hard enough you will sound smart enough to get the job, and then later you can learn all you can about the subject.  However, while our book will certainly help with the “sounding smart” part, you will also find that it encourages you to really learn SQL Server before that interview – with lots of real world examples and pointers advanced learning.  We encourage everyone to think about the job they want and love, and go for it.  Don’t look at book as just a way to get a job.

YOU!

We are constantly flooded with numerous emails, positive comments and constructive feedback. We are overwhelmed that almost everybody has understood the philosophy behind the book. SQL Server experts have told us that this book has helped them remember the basics and many have sent us questions to incorporate into the next versions. We believe the success of this concept is the positive energy which we have received from all of YOU!

Here are few blog posts about the book:

1) Review by Nakul VachhrajaniGood, portable book with easy to understand language on SQL Server Interview Questions & Answers

2) Review by Paras DoshiBook Review: SQL server Interview Questions and Answers by Pinal Dave and Vinod Kumar.

 3) Review by Madhivanan SQL Server MVP  – Book Review – SQL Server Interview Questions and Answers

4) Review by Sandeep KalraPinal Dave and Vinod Kumar‘s SQL Server Interview Questions and Answers: Book review

This book is available worldwide, here is the information about book – SQL Server Interview Questions and Answers

Reference: Pinal Dave (http://blog.SQLAuthority.com)

SQL SERVER – Plenty of SQL Community Updates

Every day we learn something new and we come across something which we like to read. I had decided to keep a log of things what I do during whole day. Here are few updates which I think you will find it interesting. This updates are in no specific order.

Comment by David Bridge on SQL SERVER – Effect of SET NOCOUNT on @@ROWCOUNT
David has written comment and clarified the message which I wanted to pass while writing blog post. I wish I had written the statement “NOCOUNT statement only affects the information messages and not the DML statement results ” which he wrote effortlessly in comment. Thanks David.

Blog by Vinod Kumar on SQL Server RC0 Resources
Vinod Kumar compiles the exhausting list of links and resources that might be of some interest to you on SQL Server 2012 RC0.

SQL Saturday 116
SQL Server 116 is here in India. This is going to very first SQL Saturday in India. Here are various links related to SQL Saturday 116.

Excellent Best Practices article by Aaron Bertrand
Aaron has written excellent timeless article on SQL Server Best Practices. If you have not read it earlier, well you read it now.

Just learned from Madhivanan – SSMS Allows you to ask a question in the MSDN forum directly from SSMS
I really loved this simple trick. I did know this earlier and I have now just learned.

SQL Server Interview Questions and Answers on Kindle
Our new book SQL Server Questions and Answers is now available on Kindle at special rate for this month.

Pluralsight SQL Server training courses by Dan Sullivan
I have so far attended every single course created by Dan on Pluralsight and find it very informative.

Well, these are my top 7 updates of yesterday.

Reference: Pinal Dave (http://blog.SQLAuthority.com)

SQL SERVER – Where Can YOU Get My Books – SQL Server Interview Question and Answers

Earlier month I released by third book SQL Server Interview Question and Answers. The focus of this book is ‘master the basics’. If you rate yourself 10 out of 10 in SQL Server – this book is not for you but if you want to learn fundamentals or want to refresh your fundamentals this book is for YOU. Earlier I was overwhelmed by love you all have shown to this book on release date leading our three digit inventory to run out of stock. Read detail blog post about the subject over here A Real Story of Book Getting ‘Out of Stock’ to A 25% Discount Story Available.

Well, we learn the lesson from the experience and have made sure that the inventory does not run out any more. Since then we are now available on multiple outlets. Pretty much anywhere in USA and India the book is available. Additionally, where ever Amazon ships internationally.

I have created dedicated page where I have listed where one can avail this book from Details of SQL Server Interview Question and Answers. Even though I keep on getting common question like – where one can get this book.

You can get this book from:

USA: Amazon

India: Flipkart | IndiaPlaza | Crossword

In India now you can walk into any crossword store and ask this book, if they do not have it, you can ask them get one for you.

Reference: Pinal Dave (http://blog.SQLAuthority.com)

SQLAuthority News – SQL Server Interview Questions And Answers Book Summary

Today we are using computers for various activities, motor vehicles for traveling to places, and mobile phones for conversation. How many of us can claim the invention of micro-processor, a basic wheel, or the telegraph? Similarly, this book was not written overnight. The journey of this book goes many years back with many individuals to be thanked for.

To begin with, we want to thank all those interviewers who reject interviewees by saying they need to know ‘the key things’ regardless of having high grades in class. The whole concept of interview questions and answers revolves around knowing those ‘key things’.

The core concept of this book will continue to evolve over time. I am sure many of you will come along with us on this journey and submit your suggestions to us to make this book a key reference for anybody who wants to start with SQL Server. Today we want to acknowledge the fact that you will help us keep this book alive forever with the latest updates. We want to thank everyone who participates in this journey with us.

Though each of these chapters are geared towards convenience we highly recommend reading each of the sections irrespective of the roles you might be doing since each of the sections have some interesting trivia about working with SQL Server. In the industry the role of accidental DBA’s (especially with SQL Server) is very common. Hence if you have performed the role of DBA for a short stint and want to brush-up your fundamentals then the upcoming sections will be a great review.

Table Of Contents

  • Database Concepts With Sql Server
  • Common Generic Questions & Answers
  • Common Developer Questions
  • Common Tricky Questions
  • Miscellaneous Questions On Sql Server 2008
  • Dba Skills Related Questions
  • Data Warehousing Interview Questions & Answers
  • General Best Practices

[Amazon] | [Flipkart]

Reference: Pinal Dave (http://blog.SQLAuthority.com)

SQLAuthority News – New Book Released – SQL Server Interview Questions And Answers

Two days ago, on birthday of my blog – I asked simple question – Guess! What is in this box?

I have received lots of interesting comments on the blog about what is in it. Many of you got it absolutely incorrect and many got it close to the right answer but no one got it 100% correct. Well, no issue at all, I am going to give away the price to whoever has the closest answer first in personal email.

Here is the answer to the question about what is in the box? Here it is – the box has my new book. In fact, I should say our new book as I co-authored this book with my very good friend Vinod Kumar. We had real blast writing this book together and had lots of interesting conversation when we were writing this book. This book has one simple goal – “master the basics.”

This book is not only for people who are preparing for interview. This book is for every one who wants to revisit the basics and wants to prepare themselves to the technology. One always needs to have practical knowledge to do their duty efficiently. This book talks about more than basics. There are multiple ways to present learning – either we can create simple book or make it interesting. We have decided the learning should be interactive and have opted for Interview Questions and Answer format.

Here is quick interview which we have done together.

Details of the books are here

The core concept of this book will continue to evolve over time. I am sure many of you will come along with us on this journey and submit your suggestions to us to make this book a key reference for anybody who wants to start with SQL server. Today we want to acknowledge the fact that you will help us keep this book alive forever with the latest updates. We want to thank everyone who participates in this journey with us.

You can get the books from [Amazon] | [Flipkart].

Read Vinod‘s blog post. Do not forget to wish him happy birthday as today is his birthday and also book release day – two reason to wish him congratulations.

Reference: Pinal Dave (http://blog.SQLAuthority.com)