Before we dig deeper into SQL Azure Security, here are some basic concepts:
Principal: This is an entity that can request SQL Azure resources. Principals can include sql logins (access to SQL Azure server) and database users (access to SQL Azure database)
Role; A role in SQL Azure is analogous to a group in Windows. So if the Accounting dept has database users with the same level of permissions, it is better to create a role and assign perms to it
Schema: Container of database object like tables in SQL Azure
Securables: Actual resources in SQL Azure that can be access. An example of this is a table or even a database.
Steps for Security in SQL Azure
- Create a login, has to be done in master database
- Create a database user for the previous login
- Assign the user to a role (optional but highly recommended)
- Assign permissions to the user
Here is a sample video tutorial that covers SQL-Azure-Security-Youtube (Use Right click – Save As)
I am including the Transact SQL scripts for creating and managing the security in SQL Azure database
–create sql login
/****** Object: Login [hr_owner] Script Date: 4/26/2012 9:41:57 PM ******/
CREATE LOGIN [hr_owner] WITH PASSWORD=N’iBýÿ]@ÖÄ’
GO
–create database user
/****** Object: User [hr_owner2] Script Date: 4/26/2012 9:53:28 PM ******/
CREATE USER [hr_owner2] FOR LOGIN [hr_owner2] WITH DEFAULT_SCHEMA=[dbo]
GO
–create database role
/****** Object: DatabaseRole [hr_role2] Script Date: 4/26/2012 9:59:43 PM ******/
CREATE ROLE [hr_role2]
GO
–add user hr_owner2 to database role hr_role2
sp_addrolemember ‘hr_role2′, hr_owner2
–How to lookup members (users) in a database role
select p.name as role_name, m.name as user_name
from sys.database_role_members drm
join sys.database_principals p
on drm.role_principal_id=p.principal_id
join sys.database_principals m
on drm.member_principal_id=m.principal_id