What can securables do in 2005/2008 that you couldn't in 2000?

Posted on 2011-09-06
Last Modified: 2012-05-12
SQL Server 2000 had permissions you can use to secure certain tasks so then what can you do with securables in 2005/2008 that you couldn't do before?
Question by:dsrnu
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 12

Expert Comment

ID: 36493833
Securables are the resources to which the SQL Server Database Engine authorization system regulates access. Some securables can be contained within others, creating nested hierarchies called "scopes" that can themselves be secured.

So its basically for controlling the access in more organized manner.
LVL 28

Accepted Solution

Ryan McCauley earned 250 total points
ID: 36497334
Are you just asking in what ways the security scopes are handled differently in SQL 2000 vs the newer versions, or maybe what new objects are available to have security applied to them?

If so, I don't believe there are any major differences here, as you can still secure the same objects and schemas, as you could in SQL 2000. I can't think of any new securables offhand, but SQL Server applies security to everything it does, and any task you're allowed to perform has certain access rights associated with it. If it's possible, it can granted or revoked for any user of the system.

Do you have something in particular you're asking about?

Author Comment

ID: 36497346
So what can securables do taht you couldn't before in 2000 then?
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

LVL 28

Assisted Solution

by:Ryan McCauley
Ryan McCauley earned 250 total points
ID: 36497406
I'm still not sure I understand your question, but I don't believe there's anything new that you can do. Are you just looking for a comparison of the versions, or do you have something particular in mind that you're asking about?
LVL 21

Assisted Solution

JestersGrind earned 125 total points
ID: 36497443
This sounds like an interview or test question, but I'll bite anyway.  In SQL Server 2000, you could assign permissions on SELECT, UPDATE, DELETE, CREATE, etc.  SQL Server 2005 introduced more granular security and allowed  things like CONTROL, ALTER, IMPERSONATE, TAKE OWNERSHIP, etc.  Here is the Microsoft reference.



Author Comment

ID: 36497636
Greg, not an interview or test question. =) Just trying to grasp the key differences between SQL Server 2000 and SQL Server 2005/2008 as it relates to secuirty (securables, objects, and permissions).

I'm taking a look at the different permissiong granted to users between SQL Server 2000 and SQL Server 2005/2008.. so then, are you saying that you cannot do something like CONTROL SERVER in 2000 but you can in 2005/2008?

Author Comment

ID: 36497644
Also--what would be an example of something more granular than GRANT SELECT on tables?
LVL 50

Assisted Solution

by:Steve Bink
Steve Bink earned 125 total points
ID: 36497713
First, securables in MSSQL2005 and permissions in MSSQL2000 are not comparable.  You grant/deny *permissions* to *securables*.  The main difference is the expansion of the number of items that can be permitted in 2005+.  

MSSQL2000 allowed permissions for a standard selection of things.  You could assign permissions to users for tables, views, functions, and so on.  In 2005+, that selection has been very much globalized.  In 2000, "securables" were mainly just "database objects".  The introduction of the new term in 2005+ expands that collection to virtually anything in the database service.  Since the structure of the underlying engines has moved away from procedural and towards object-oriented, everything in it is now an object.  As such, every object can be secured with permissions.  Also, this new structure allows for privilege chaining, which is akin to the "EXECUTE AS" concept from stored procedures.  Chaining, though, can apply to any securable object on the server, or even across servers.

So what can be done with this new system?  Well, it sets up the same kind of security mechanism one finds in Active Directory.  You can create mini-fiefdoms governed by delegated managerial accounts, for example, that do not have access to system- or server-wide abilities.  In 2000, if you wanted someone to manage security for a database, you made them part of the db_securityadmin role.  But suppose you only wanted them to manage the Sales groups of user accounts.  In 2005, you can quickly create a group of database users, and grant your manager full access to manage just that securable (the group), and nothing else.

The system lends itself towards a much more granular style of security management.  Where the older security system is a hammer pounding things into shape, the new one is an etching tool allowing you to control the fine details.


Author Comment

ID: 36497737
great explanations!!

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
In this article we will learn how to fix  “Cannot install SQL Server 2014 Service Pack 2: Unable to install windows installer msi file” error ?
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Viewers will learn how the fundamental information of how to create a table.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question