Subtitles of the Movie

In our last video, we talked about the GRANT and REVOKE statement and we showed how we can give away privileges. What I'd like to do now is go into the Management Studio and show you the examples that we can use through the actual program itself. Now, first, keep in mind that in this video, I'm going to talk about creating roles. In creating roles, in order to pull it inline with our last video, let's first talk about how we can do that through a query. I have an example of a query that's going to create the role EVERYTHING. The authorization is going to be for Lauri and I simply put in the GO command. The statement, when executed, has actually created the database role called EVERYTHING. If I wish, I could also just right click and create a new database role using the interface. All I simply need to do is create the role name and the owner and I can also assign a schema at this particular point in time. Now, when we talk in terms of actually giving out that schema, we're talking about the list that we see here. Now, please keep in mind when you see the Ðdb? in front of the name, we have a tendency to be seeing the system roles and the system schemas. Notice that I put everything in capital letters so it was very easy for you to see that was a user-entered role. Now, of course, you don't need to use this. I was just pointing it out as the differences in this video. I'm going to go in and create a new schema. When I create the new schema, I can simply give it a name and in this case, I'll just call it Name. I now can go in and search for the owner of the schema itself. Notice that this is bringing up the individual roles and the individuals. Let's say, for instance, that Lauri can have this particular schema. Now I'm gonna go into the permissions. In the permissions, I'm once again going to add a user or a role. Let's give the role this time to EVERYTHING. Once I add EVERYTHING, now you'll notice on the bottom it opens it up so that I can actually grant, I can deny, or I can give the, with the admin grant permissions, so this allows me now to really totally control the access to the database itself. Now, do keep in mind, one of the things that we always forget in security is that the actual implications are in the planning. It's very easy to do the footwork inside of our programs without really thinking out the flow of your database. Who should be where? That's the difficult aspect of it. Along with putting our database roles in, remember also we have the ability to put in our users. Once again, we can add our users, have our users go into groupings under a database or an application if necessary. So, in working with your security, we can use the built-in features or we can use the SQL statements. Choose whichever you prefer. Remember again, all databases work fundamentally the same, although where you go and slight nuances in terminology may vary, it's the exact same concept in the background.