What can securables do in 2005/2008 that you couldn't in 2000?

Posted on 2011-09-06
Last Modified: 2012-05-12
SQL Server 2000 had permissions you can use to secure certain tasks so then what can you do with securables in 2005/2008 that you couldn't do before?
Question by:dsrnu
LVL 12

Expert Comment

ID: 36493833
Securables are the resources to which the SQL Server Database Engine authorization system regulates access. Some securables can be contained within others, creating nested hierarchies called "scopes" that can themselves be secured.

So its basically for controlling the access in more organized manner.
LVL 28

Accepted Solution

Ryan McCauley earned 250 total points
ID: 36497334
Are you just asking in what ways the security scopes are handled differently in SQL 2000 vs the newer versions, or maybe what new objects are available to have security applied to them?

If so, I don't believe there are any major differences here, as you can still secure the same objects and schemas, as you could in SQL 2000. I can't think of any new securables offhand, but SQL Server applies security to everything it does, and any task you're allowed to perform has certain access rights associated with it. If it's possible, it can granted or revoked for any user of the system.

Do you have something in particular you're asking about?

Author Comment

ID: 36497346
So what can securables do taht you couldn't before in 2000 then?
LVL 28

Assisted Solution

by:Ryan McCauley
Ryan McCauley earned 250 total points
ID: 36497406
I'm still not sure I understand your question, but I don't believe there's anything new that you can do. Are you just looking for a comparison of the versions, or do you have something particular in mind that you're asking about?
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

LVL 21

Assisted Solution

JestersGrind earned 125 total points
ID: 36497443
This sounds like an interview or test question, but I'll bite anyway.  In SQL Server 2000, you could assign permissions on SELECT, UPDATE, DELETE, CREATE, etc.  SQL Server 2005 introduced more granular security and allowed  things like CONTROL, ALTER, IMPERSONATE, TAKE OWNERSHIP, etc.  Here is the Microsoft reference.



Author Comment

ID: 36497636
Greg, not an interview or test question. =) Just trying to grasp the key differences between SQL Server 2000 and SQL Server 2005/2008 as it relates to secuirty (securables, objects, and permissions).

I'm taking a look at the different permissiong granted to users between SQL Server 2000 and SQL Server 2005/2008.. so then, are you saying that you cannot do something like CONTROL SERVER in 2000 but you can in 2005/2008?

Author Comment

ID: 36497644
Also--what would be an example of something more granular than GRANT SELECT on tables?
LVL 50

Assisted Solution

by:Steve Bink
Steve Bink earned 125 total points
ID: 36497713
First, securables in MSSQL2005 and permissions in MSSQL2000 are not comparable.  You grant/deny *permissions* to *securables*.  The main difference is the expansion of the number of items that can be permitted in 2005+.  

MSSQL2000 allowed permissions for a standard selection of things.  You could assign permissions to users for tables, views, functions, and so on.  In 2005+, that selection has been very much globalized.  In 2000, "securables" were mainly just "database objects".  The introduction of the new term in 2005+ expands that collection to virtually anything in the database service.  Since the structure of the underlying engines has moved away from procedural and towards object-oriented, everything in it is now an object.  As such, every object can be secured with permissions.  Also, this new structure allows for privilege chaining, which is akin to the "EXECUTE AS" concept from stored procedures.  Chaining, though, can apply to any securable object on the server, or even across servers.

So what can be done with this new system?  Well, it sets up the same kind of security mechanism one finds in Active Directory.  You can create mini-fiefdoms governed by delegated managerial accounts, for example, that do not have access to system- or server-wide abilities.  In 2000, if you wanted someone to manage security for a database, you made them part of the db_securityadmin role.  But suppose you only wanted them to manage the Sales groups of user accounts.  In 2005, you can quickly create a group of database users, and grant your manager full access to manage just that securable (the group), and nothing else.

The system lends itself towards a much more granular style of security management.  Where the older security system is a hammer pounding things into shape, the new one is an etching tool allowing you to control the fine details.


Author Comment

ID: 36497737
great explanations!!

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now