Database Security in SQL Server 7.0 and 2000

Abstract

In SQL Server 7.0 and 2000, the complete integration of Windows NT/2000 accounts and groups increases both the number of options available for managing database access and the complexity of maintaining correct levels of access. What makes it so different from SQL Server 6.5 is the fact that a user’s Windows account and group membership information will be checked even within the database, not just for login purposes. Database permissions can be assigned not just to database user accounts and roles (which replace SQL Server 6.5’s groups) but also to the user’s Windows NT account and to Windows NT/2000 local, domain, and forest (for Windows 2000 domains) groups. In addition, since SQL Server 7.0, we can explicitly deny permissions to a database user. What was possible in version 6.5 through a rather complicated process is very easy in 7.0 and 2000. Although the whole login process is more complex than in SQL Server 6.5, the greater range of entities to which we can assign permissions, and the ability to grant and deny permissions to those entities, results in a far richer set of choices for authorization.