Information Security Least Privilege Requirement Analysis for SQL Database Backups

© 2020 by IJCTT Journal
Volume-68 Issue-1
Year of Publication : 2020
Authors : Chirag Goel
DOI :  10.14445/22312803/IJCTT-V68I1P108

How to Cite?

Chirag Goel, "Information Security Least Privilege Requirement Analysis for SQL Database Backups," International Journal of Computer Trends and Technology, vol. 68, no. 1, pp. 35-37, 2020. Crossref, https://doi.org/10.14445/22312803/IJCTT-V68I1P108

Abstract
Security in information technology is becoming more vigilant and granular. To protect enterprise data, proper implementation of security and vigilance in access is necessary. We analyze the least privilege needed to perform backup and restore in SQL Server. We start with the Microsoft-documented server and database roles and then proceed with the analysis and outcome of each permission we provision for an account. We discuss the best techniques to perform the backup operation without exposing data through excessive permissions.

Keywords
Backup, privilege, restore, sysadmin, database management system, server roles, database roles.
