SQLServerCentral - www.sqlservercentral.com

A community of more than 1,600,000 database professionals and growing

Featured Contents

The Voice of the DBA

The Justification Database

I saw an article on the security at various Department of Defense facilities that control the ballistic missile systems in the US. It's interesting reading, especially if you want to shake your head at bad practices. I think this article summarizes just how quickly the digital world has grown faster than the ability of humans to keep up and adopt new practices, especially where constant staff turnover is the norm.

This is a good read for anyone in an organization that must plan for security and account for new staff on a regular basis. It certainly made me think a bit about how information is presented, disseminated, and the view from the other side. It's easy for me to consider security and focus on that from my position, but for others that are tasked with other jobs, their view is completely different.

There was one item in here that made me stop and think. There is a section, titled "No database with written justifications", that notes that there wasn't a database of reasons why someone was granted access. Through random sampling, the found that lots of employees didn't have forms filled in completely with justifications and approvals. In some cases there weren't even forms. I assume these are digital forms, but they could be paper.

That made me think about the ways in which I've granted access to individuals in databases in the past. Often in small companies the request is verbal or in email, with approvals made the same way. Certainly there's no tracking. In larger companies there might be tickets in some helpdesk system, but how do I track those back to clicking in SSMS to add a user to a role?

This week I'm wondering how well managed your system is for managing and approving security changes? If someone was concerned that a hacker gained access through social engineering, could you track down where, when, and why someone was granted access? Are you regulated or audited? I know some people have great processes that limit the potential for abuse, but I also know that far too many people use exceptions to get work done. I wonder how many of you allow for exceptions to your process.

Steve Jones from SQLServerCentral.com

Join the debate, and respond to today's editorial on the forums

The Voice of the DBA Podcast

Listen to the MP3 Audio ( 3.4MB) podcast or subscribe to the feed at iTunes and Libsyn. feed

The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music.

ADVERTISEMENT
SQL Monitor

How SQL Server monitoring benefits your whole organization

SQL Server monitoring doesn’t just benefit your DBAs. In this new guide from Redgate, we take you through the different ways a robust monitoring solution has a positive impact across your organization, from your development teams to IT management, and from finance to your C-suite. Download your free copy now

SQL Prompt

Become a more efficient SQL developer with SQL Prompt

Learn how to write SQL faster and more efficiently with these exclusive short videos from Data Platform MVPs and SQL Server experts. With SQL Prompt you can strip out the repetition of coding and write SQL 50% faster. Check out the tips

Featured Contents
 

Manipulating Filetable Files Programatically

Steve Jones from SQLServerCentral.com

Learn how you can work with FileTable files from T-SQL as an alternative to the drag and drop methods of using Windows Explorer More »
 

Do Functions Stop You From Using Indexes?

Additional Articles from Brent Ozar Unlimited Blog

If you have a function in the WHERE clause, you might have heard you can't use indexes. That's not entirely correct. More »
 

Logging SQL and Change-Tracking Events in EF Core

Additional Articles from Microsoft MSDN

Julie Lerman introduces you to the new logging APIs in .NET Core, concentrating on SQL and change-tracking events, with a focus on providers that output to the console and the debugger. More »
 

From the SQLServerCentral Blogs - Pro SQL Server on Linux–Getting Started

Steve Jones from SQLServerCentral Blogs

As part of my learning goals for 2018, I wanted to work through various books. This is part of my... More »
 

From the SQLServerCentral Blogs - The Necessary Extras That Aren’t Shown in Your Azure BI Architecture Diagram

meaganl from SQLServerCentral Blogs

When we talk about Azure architectures for data warehousing or analytics, we usually show a diagram that looks like the... More »

Question of the Day

Today's Question (by Steve Jones):

I want to get a list of supported collations on my SQL Server 2017 instance. What query should I run?

Think you know the answer? Click here, and find out if you are right.

We keep track of your score to give you bragging rights against your peers.
This question is worth 1 point in this category: Collation.

We'd love to give you credit for your own question and answer.
To submit a QOTD, simply log in to the Contribution Center.
ADVERTISEMENT

Design and configure SQL Server instances and databases in support of high-throughput applications that are mission-critical and provide consistent response times in the face of variations in user numbers and query volumes. Learn to configure SQL Server and design your databases to support a given instance and workload.

Pick up your copy of this great book today at Amazon today.

Yesterday's Question of the Day

Yesterday's Question (by Steve Jones):

If I run this code in SQL Server 2017, what happens? 

 CREATE TABLE dbo.SalesOrderHeader ( OrderKey INT IDENTITY(1, -1) , CustomerName VARCHAR(30) ) GO INSERT dbo.SalesOrderHeader (CustomerName) VALUES ('Andy') INSERT dbo.SalesOrderHeader (CustomerName) VALUES ('Brian') INSERT dbo.SalesOrderHeader (CustomerName) VALUES ('Steve') GO SELECT * FROM dbo.SalesOrderHeader AS soh GO

Answer: Three rows are inserted, with the row containing "Steve" having a OrderKey = -1

Explanation:

There is nothing wrong with using a negative increment value for an identity property. The CREATE TABLE works and three rows are inserted, with the values of 1, 0, and -1 respectively.

Ref: Identity Property - click here

» Discuss this question and answer on the forums

Database Pros Who Need Your Help
Here's a few of the new posts today on the forums. To see more, visit the forums.

SQL Server 2017 : SQL Server 2017 - Administration

Profile Trace prior to upgrading 2008 - 2017 - Hi I am looking for a tool that can look at a profile trace file of a 2008 server's activity and...

SQL Server 2017 : SQL Server 2017 - Development

Number of employees active per date - Hi, I have a very simple table  create table #employee ( EmpNumber int, HireDate datetime, TerminationDate datetime ) insert into #employee (EmpNumber, HireDate, TerminationDate) values (12, '09/02/1986',...

SQL Assignment - Join 2 Tables - The data set that I have has 2 tables. One (trips) contains the start and end date in DATETIME format...

Match vertical records to next greater date to find datediff - I need to find the amount of time a user spent watching videos.  I have play/pause actions recorded with time...

T-SQL Multiple Rows into One Row - I have the following rows UserShiftID  RowID  StartDateTime

Where condition for fiscal year - Hi, I am using below query to get the data by fiscal year . I want to get the data for only...

SQL Server 2016 : SQL Server 2016 - Administration

upgrade from 2014 to 2016 - we need to migrate our sqlserver 2014 to 2016 this is the current situation: 2 nodes active-passive ms failover cluster on windows...

SQL Server 2016 : SQL Server 2016 - Development and T-SQL

Which index will perform better - I have a table with about 12M records. Between the columns, there is a datetime field D and a bit...

SQL Server 2014 : Administration - SQL Server 2014

Best technique for shutting down VM upon which MSSQL is running - We're looking to establish an official server shutdown order, in case of an emergency. All of our MSSQL instances are...

SQL Server wont Start - Hi Guys Thought  I would ASK I have a sql server instance that wont start Tried all the local system accounts...

Enable TLS 1.2 - Cert Required? - Hi, Trying to setup TLS 1.2 on our DB servers. I am using SQL2014 SP2 - so good there. Do I have...

Database refresh from Production DB to Test DB in Sql server 2014 - Hello, I would like to know the what's the best way i can do Database refresh from Production DB to Test DB...

SQL Server 2014 : Development - SQL Server 2014

Let SQL do the work ? - Long time reader, 1st time poster here. I'm trying to build a stored procedure that creates a table that looks...

View Query Taking more time - I have created a view using below tables. This view takes a lot of time for returning output. I am...

SQL Server 2012 : SQL 2012 - General

steps for performance tuning of a sql server - Hi I just wanted steps /how to troubleshoot sql server from perfmonace point of view or which is particualr query...

SQL Server 2008 : SQL Server 2008 - General

User Defined Function for following scnario - Dear All, In my scenario, i need to generate string like  AAA,AAB,AAC.........ZZZ My input parameter is just Total count of records Example  declare @countRecord...

Reporting Services : Reporting Services

Record count in dataset is different that excel exported record count. - All, I've got a query as an embedded data set in a report on SSRS2012. When I run the SQL...

Programming : Powershell

Run New PowerShell Process As A Different User - Hello, I'm trying to create a PowerShell script that will run a new PowerShell Process as a different 'Windows' user.  The following code seems...

Data Warehousing : Analysis Services

How do I friggin' connect to SSAS via SSMS? (cryptic errors galore) - Hi there -- I'm trying to connect to an SSAS server via SSMS (the preferred client I'd guess but who knows). I'm...

SQL Server 2005 : T-SQL (SS2K5)

Remove DATE ONLY from datetime column - Hello, I need to remove DATE from a date time column in SQL 2005? All I keep finding on Google is...
This email has been sent to newsletter@newslettercollector.com. To be removed from this list, please click here.
If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com.
This newsletter was sent to you because you signed up at SQLServerCentral.com.
Feel free to forward this to any colleagues that you think might be interested.
If you have received this email from a colleague, you can register to receive it here.
This transmission is ©2018 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
Contact: webmaster@sqlservercentral.com