Apprentice

TIL: Security Stuff™

March 12, 2018 by SQLDork 3 Comments

Testing Grant and Deny permissions in SQL Server.

Here’s a rough breakdown of the steps we followed:

Create a windows group, and create 2 users in the group (We’ll call them test1 and test2).
Make a new database called SecurityTest.
Add the windows group from earlier as a SQL LOGIN.
Add a USER for the login in the SecurityTest database, with no permissions (yet).
Create a table and put some data™ in it (We’ll call it SuperSecretTable™).
Grant select permission to the USER (Group).
Verify that users test1 and test2 can see the data™ (You’ll have to logon to the machine as these users).
Test2 takes a screenshot of the SuperSecretTable™ and posts it on Twitter, gets 3 likes.
I login as myself and specifically DENY test2 rights to view the table because he cannot be trusted with the data in the SuperSecretTable™ (Or crayons).
Test2 logs in again, and finds himself unable to even see the SuperSecretTable™, much less the data™ in it, even though he’s in a group that has been GRANTed SELECT permissions.

In doing this, we’ve proved that DENY takes precedence over GRANT, because we’re cool like that

/*Please work*/,

The Apprentice

Rant: Dead DBAs

November 27, 2017 by Kevin3NF 1 Comment

Where I go on a rant about the “death of the DBA”…which by comparison to others barely even qualifies as a rant 🙂

This is the post I reference in the video:

My prediction of the DBA role

And these are the names I mentioned:

Grant Fritchey
Brent Ozar
Pinal Dave
Paul Randal

I’ll let you YaBingGoogleHoo them yourself…

One thing I forgot to mention: If you are not improving your skills and learning all the time…you are not a dead DBA, but you are becoming a “Zombie DBA” (baaaackuuuupssss….)

Thanks for watching!

Kevin3NF

Free SQL Server DBA Fundamentals training (DFW) – completed

May 4, 2017 by Kevin3NF 2 Comments

Free. In person. Interactive.

Update: This is in-person only…not online or Webex at this time.

I really like training and teaching the basics of anything to people new to it. Right now that is SQL Server, and cycling (I am Kevin3NF or CoachKev depending…). Every day on the various forums I see the same questions over and over on basic tasks…and the askers go away with a solution but very often they don’t get the understanding to be able to resolve the issue on their own the next time.

So…if you are in or near the Dallas/Ft. Worth, Texas area and have a couple of hours free after work once every 2 weeks come join me for some very informal training.

Target audience:

Managers
Developers
SysAdmins
Students (college, tech schools, etc.)
Very junior/accidental DBAs that are struggling to stay afloat

If you are already a DBA, this is probably not for you unless you are just starting out.

RSVP for Day 5 here

5 weeks, every other Wednesday 6-8pm starting on May 24, 2017 in Richardson, TX.

Day 1 (May 24):
- Intro to databases, with a little history thrown in
- Installing SQL Server 2016/2014 (on your laptop)
Day 2 (June 7):
- Getting around in SQL Server Management Studio
- SQL Server Security Model
Day 3 (June 21):
- Backup Basics…the Why, followed by How
- Creating a database from scratch, or from a backup
Day 4 (July 5):
- Database querying basics – getting the CRUD
- Indexing and basic performance troubleshooting
Day 5 (July 19):
- High Availability/Disaster Recovery options (overview)
- Wrap up

If this goes as well as I hope, I will offer it again after some time off. Maybe in a different part of the Metroplex.

Not sure if this class is right for you? Ask in the comments, send me a DM on Twitter, or email me.

Thanks for reading!

Kevin3NF

Follow Dallas DBAs on LinkedIn:

The Apprentice: Locks and Blocks and Deadlocks….oh my!

March 30, 2017 by Kevin3NF Leave a Comment

I re-posted SQL 101 Blocking vs. Deadlocking – in English for the Non-DBA the other day for two reasons:

Its good info for new DBAs struggling to understand the interaction and differences in these terms
It was next on the list to walk the Apprentice through and he reads my Tweets 🙂

We had about an hour to spend working through this so we briefly covered the article, using Starbucks and Chick-Fil-A interchangeably as something you almost always have to wait in line for.

Things we managed to cover, test, or define in that one hour:

Lock: When a customer “Sally” (query1) walks up to the cashier “Ken” (Resource1), she has locked him into taking her order.
- Ken is a CPU here, or a Row/Page/Table…don’t overthink my analogies 😀
Block: The dude “Broseph” (query2) behind Sally (query1) has to wait…he’s blocked.
If the manager (Query Optimizer) sees that Sally is ordering 20 drinks for the office, he may open a second register and have Joe (Resource2) starting ringing up some of Sally’s orders. Brospeh is still in line, waiting. Sally has gone parallel.
If the manager decides Ken needs to work all of Sally’s order himself (MAXDOP1), he may open a second register (Joe/resource2) and move Broseph to that line.
If Max (query3) walks in, sees what is going on and decides he doesn’t really want coffee…he just rolls on back out the door and leaves a 1-star review on Yelp (failed transaction, retry?)

Other stuff we covered, in no particular order:

Deadlocking and the Mom process (see above link)
INSERT statements to create sample blocking
IMPLICIT and EXPLICIT transactions, so the tests actually work
4 parts of an object name [instance].[database].[schema].[object]
Why a sysadmin cannot directly query Instance2 from Instance1, regardless of his level of sysadmin-ness unless…
…Linked Server
sp_lock
master..sysprocesses (old skool)

Good times were had, jokes were made, stuff was learned. Oh…and every time we meet I ask him random stuff from previous meetings to gauge retention. So far so good.

Thanks for reading!

Kevin3NF

The Apprentice: Detective work

March 8, 2017 by Kevin3NF Leave a Comment

SQL Server Database Training Apprentice Detective

I decided to see how much knowledge and familiarity the Apprentice has retained in the area of Database Properties.

The Setup:

I wanted to simulate a customer engaging him to “Look at the database” because it doesn’t “seem right.” I created a Sales database on his machine and mis-configured some items, taking it far away from best practices. It came on line, but had issues 🙂

The first thing he noticed and asked about was the lack of tables or other objects. My response was that the “customer” was installing a 3rd party application which has two steps: Create the Database, and then Create the Objects. They thought the results of step one were odd and called us.

What he found:

Auto-Shrink enabled (very common for 3rd party apps)
Insane file names (Logical: Bill and Log_Ted, Physical: Taco.mdf – data and Burrito.Mdf – log file)
Auto-grow for data file of 1 MB, capped at 5 MB
Auto-grow for log of 100%, unlimited

No backups had been taken, but I don’t recall if he found that or if we even discussed it. He is well aware of backups and recovery models.

This took us down a conversation of best practices, and how to rename files in a database, both Logical and Physical. What’s really fun is when you want to look up the ALTER DATABASE command to rename the physical files and the internet connection is down…so no MSDN or Google!

We used the GUI to create a script for changing the logical names, then modified that for the physical files instead. And he already knew that the actual files on disk had to be changed as well.

He did really well on this, with very little prompting. Well done!

Thanks for reading!

Kevin3NF

The Apprentice: Non-SQL stuff that SQL Server depends on

February 27, 2017 by Kevin3NF Leave a Comment

The apprentice and I gathered at my house Sunday evening for a bit of training. I gave him some homework ahead of time to go look up RAID and the most common levels.

Yep…we spent an hour standing/sitting in my kitchen discussing RAID 0/1/10/5/5+1, etc.

And Spinning disks vs. SSD

And Memory (including addresses)

And CPUs

And SAN vs. DAS vs. internal

And how SQL Server uses all of these items.

And how the costs associated with these choices vary from client to client.

And how it is perfectly acceptable to blame the storage team for anything up to and including your lunch being stolen from the office fridge. 😉

We never even started the SQL Services…went old school with pen and paper to map things out.

Short one today, thanks for reading!

Kevin3NF