What can securables do in 2005/2008 that you couldn't in 2000?

Posted on 2011-09-06
Last Modified: 2012-05-12
SQL Server 2000 had permissions you can use to secure certain tasks so then what can you do with securables in 2005/2008 that you couldn't do before?
Question by:dsrnu
LVL 12

Expert Comment

ID: 36493833
Securables are the resources to which the SQL Server Database Engine authorization system regulates access. Some securables can be contained within others, creating nested hierarchies called "scopes" that can themselves be secured.

So its basically for controlling the access in more organized manner.
LVL 28

Accepted Solution

Ryan McCauley earned 250 total points
ID: 36497334
Are you just asking in what ways the security scopes are handled differently in SQL 2000 vs the newer versions, or maybe what new objects are available to have security applied to them?

If so, I don't believe there are any major differences here, as you can still secure the same objects and schemas, as you could in SQL 2000. I can't think of any new securables offhand, but SQL Server applies security to everything it does, and any task you're allowed to perform has certain access rights associated with it. If it's possible, it can granted or revoked for any user of the system.

Do you have something in particular you're asking about?

Author Comment

ID: 36497346
So what can securables do taht you couldn't before in 2000 then?
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

LVL 28

Assisted Solution

by:Ryan McCauley
Ryan McCauley earned 250 total points
ID: 36497406
I'm still not sure I understand your question, but I don't believe there's anything new that you can do. Are you just looking for a comparison of the versions, or do you have something particular in mind that you're asking about?
LVL 21

Assisted Solution

JestersGrind earned 125 total points
ID: 36497443
This sounds like an interview or test question, but I'll bite anyway.  In SQL Server 2000, you could assign permissions on SELECT, UPDATE, DELETE, CREATE, etc.  SQL Server 2005 introduced more granular security and allowed  things like CONTROL, ALTER, IMPERSONATE, TAKE OWNERSHIP, etc.  Here is the Microsoft reference.



Author Comment

ID: 36497636
Greg, not an interview or test question. =) Just trying to grasp the key differences between SQL Server 2000 and SQL Server 2005/2008 as it relates to secuirty (securables, objects, and permissions).

I'm taking a look at the different permissiong granted to users between SQL Server 2000 and SQL Server 2005/2008.. so then, are you saying that you cannot do something like CONTROL SERVER in 2000 but you can in 2005/2008?

Author Comment

ID: 36497644
Also--what would be an example of something more granular than GRANT SELECT on tables?
LVL 50

Assisted Solution

by:Steve Bink
Steve Bink earned 125 total points
ID: 36497713
First, securables in MSSQL2005 and permissions in MSSQL2000 are not comparable.  You grant/deny *permissions* to *securables*.  The main difference is the expansion of the number of items that can be permitted in 2005+.  

MSSQL2000 allowed permissions for a standard selection of things.  You could assign permissions to users for tables, views, functions, and so on.  In 2005+, that selection has been very much globalized.  In 2000, "securables" were mainly just "database objects".  The introduction of the new term in 2005+ expands that collection to virtually anything in the database service.  Since the structure of the underlying engines has moved away from procedural and towards object-oriented, everything in it is now an object.  As such, every object can be secured with permissions.  Also, this new structure allows for privilege chaining, which is akin to the "EXECUTE AS" concept from stored procedures.  Chaining, though, can apply to any securable object on the server, or even across servers.

So what can be done with this new system?  Well, it sets up the same kind of security mechanism one finds in Active Directory.  You can create mini-fiefdoms governed by delegated managerial accounts, for example, that do not have access to system- or server-wide abilities.  In 2000, if you wanted someone to manage security for a database, you made them part of the db_securityadmin role.  But suppose you only wanted them to manage the Sales groups of user accounts.  In 2005, you can quickly create a group of database users, and grant your manager full access to manage just that securable (the group), and nothing else.

The system lends itself towards a much more granular style of security management.  Where the older security system is a hammer pounding things into shape, the new one is an etching tool allowing you to control the fine details.


Author Comment

ID: 36497737
great explanations!!

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
I have a large data set and a SSIS package. How can I load this file in multi threading?
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question