SQL Server 安全性概述Overview of SQL Server Security

具有重叠安全层的全面防御策略是抵御安全威胁的最佳方式。A defense-in-depth strategy, with overlapping layers of security, is the best way to counter security threats. SQL Server 提供的安全体系结构旨在允许数据库管理员和开发人员创建安全的数据库应用程序并抵御威胁。SQL Server provides a security architecture that is designed to allow database administrators and developers to create secure database applications and counter threats. 通过引入新功能,SQL Server 的每个版本都在先前的 SQL Server 版本基础上得到改善。Each version of SQL Server has improved on previous versions of SQL Server with the introduction of new features and functionality. 但是,安全性并不是现成的。However, security does not ship in the box. 每个应用程序都具有其独特的安全要求。Each application is unique in its security requirements. 开发人员需要了解哪些功能组合最适合抵御已知的威胁,并需要预见未来可能出现的威胁。Developers need to understand which combination of features and functionality are most appropriate to counter known threats, and to anticipate threats that may arise in the future.

SQL Server 实例包含以服务器为首的实体的分层集合。A SQL Server instance contains a hierarchical collection of entities, starting with the server. 每个服务器均包含多个数据库,而每个数据库均包含可保护对象的集合。Each server contains multiple databases, and each database contains a collection of securable objects. 每个 SQL 服务器安全对象相关联权限,可以授予主体,这是个人、 组或进程授予访问 SQL Server 权限。Every SQL Server securable has associated permissions that can be granted to a principal, which is an individual, group or process granted access to SQL Server. SQL Server 安全框架管理通过安全对象实体的访问权限身份验证授权The SQL Server security framework manages access to securable entities through authentication and authorization.

  • 身份验证是指通过提交服务器评估的凭据以登录到主体请求访问的 SQL Server 的过程。Authentication is the process of logging on to SQL Server by which a principal requests access by submitting credentials that the server evaluates. 身份验证可以确定接受身份验证的用户或进程的标识。Authentication establishes the identity of the user or process being authenticated.

  • 授权是指确定主体可以访问哪些可保护资源以及允许对这些资源执行哪些操作的过程。Authorization is the process of determining which securable resources a principal can access, and which operations are allowed for those resources.

本节中的主题介绍 SQL Server 安全基础知识,并提供到相关版本 SQL Server 联机丛书中完整文档的链接。The topics in this section cover SQL Server security fundamentals, providing links to the complete documentation in the relevant version of SQL Server Books Online.

本节内容In This Section

SQL Server 中的身份验证Authentication in SQL Server
说明 SQL Server 中的登录名和身份验证并提供到其他资源的链接。Describes logins and authentication in SQL Server and provides links to additional resources.

SQL Server 中的服务器和数据库角色Server and Database Roles in SQL Server
说明固定服务器和数据库角色、自定义数据库角色和内置帐户,并提供到其他资源的链接。Describes fixed server and database roles, custom database roles, and built-in accounts and provides links to additional resources.

SQL Server 中的所有权和用户架构分离Ownership and User-Schema Separation in SQL Server
说明对象所属权和用户架构分离,并提供到其他资源的链接。Describes object ownership and user-schema separation and provides links to additional resources.

SQL Server 中的授权和权限Authorization and Permissions in SQL Server
说明使用最低特权原则授予权限并提供到其他资源的链接。Describes granting permissions using the principle of least privilege and provides links to additional resources.

SQL Server 中的数据加密Data Encryption in SQL Server
说明 SQL Server 中的数据加密选项并提供到其他资源的链接。Describes data encryption options in SQL Server and provides links to additional resources.

SQL Server 中的 CLR 集成安全性CLR Integration Security in SQL Server
提供到 CLR 集成安全资源的链接。Provides links to CLR integration security resources.

请参阅See also