You administer a Microsoft SQL Server database. The database has a table named Customers owned by UserA and another table named Orders owned by UserB. You also have a stored procedure named GetCustomerOrderInfo owned by UserB. GetCustomerOrderInfo selects data from both tables.
You create a new user named UserC.
You need to ensure that UserC can call the GetCustomerOrderInfo stored procedure. You also need to assign only the minimum required permissions to UserC.
Which permission or permissions should you assign to UserC? Each correct answer presents part of the solution.
The Select permission on Customers
The Execute permission on GetCustomerOrderInfo
The Take Ownership permission on Customers
The Control permission on GetCustomerOrderInfo
The Take Ownership permission on Orders
The Select permission on Orders
Correct answer: B
Explanation:
How Permissions Are Checked in a Chain When an object is accessed through a chain, SQL Server first compares the owner of the object to the owner of the calling object. This is the previous link in the chain. If both objects have the same owner, permissions on the referenced object are not evaluated. Due to ownership chaining, you would only need to give Execute permissions to UserC to access the Orders table since UserB is the owner. References: https://technet.microsoft.com/en-us/library/ms188676(v=sql.105).aspx
How Permissions Are Checked in a Chain
When an object is accessed through a chain, SQL Server first compares the owner of the object to the owner of the calling object. This is the previous link in the chain. If both objects have the same owner, permissions on the referenced object are not evaluated.
Due to ownership chaining, you would only need to give Execute permissions to UserC to access the Orders table since UserB is the owner.
You administer a Microsoft SQL Server 2012 database named ContosoDB. The database contains a table named Suppliers and a column named IsActive in the Purchases schemA.
You create a new user named ContosoUser in ContosoDB. ContosoUser has no permissions to the Suppliers table.
You need to ensure that ContosoUser can delete rows that are not active from Suppliers. You also need to grant ContosoUser only the minimum required permissions.
Which Transact-SQL statement should you use?
Correct answer: D
Explanation:
Incorrect:Not B: The dbo , or database owner, is a user account that has implied permissions to perform all activities in the database. This would go against the requirement to grant ContosoUser only the minimum required permissions.References:http://msdn.microsoft.com/en-us/library/ms188354.aspxhttp://msdn.microsoft.com/en-us/library/ms187926.aspx
Incorrect:
Not B: The dbo , or database owner, is a user account that has implied permissions to perform all activities in the database. This would go against the requirement to grant ContosoUser only the minimum required permissions.
You use a contained database named ContosoDb within a domain.
You need to create a user who can log on to the ContosoDb database. You also need to ensure that you can port the database to different database servers within the domain without additional user account configurations.
Which type of user should you create?
User mapped to a certificate
SQL user without login
Domain user
SQL user with login
Correct answer: C
Explanation:
Contained user There are two types of users for contained databases. Contained database user with password Contained database users with passwords are authenticated by the database. Windows principals Authorized Windows users and members of authorized Windows groups can connect directly to the database and do not need logins in the master database. The database trusts the authentication by Windows. References: https://docs.microsoft.com/en-us/sql/relational-databases/databases/contained-databases?view=sql-server-2017
Contained user
There are two types of users for contained databases.
Contained database user with password
Contained database users with passwords are authenticated by the database.
Windows principals
Authorized Windows users and members of authorized Windows groups can connect directly to the database and do not need logins in the master database.
The database trusts the authentication by Windows.