International Journal of Computer
Trends and Technology

Research Article | Open Access

Volume 68 | Issue 1 | Year 2020 | Article Id. IJCTT-V68I1P108 | DOI: https://doi.org/10.14445/22312803/IJCTT-V68I1P108

Information Security Least Privilege Requirement Analysis for SQL Database Backups


Chirag Goel

Received: 16 Jan 2019 | Revised: 10 Jan 2020 | Accepted: 16 Jan 2020

Citation:

Chirag Goel, "Information Security Least Privilege Requirement Analysis for SQL Database Backups," International Journal of Computer Trends and Technology (IJCTT), vol. 68, no. 1, pp. 37-35, 2020. Crossref, https://doi.org/10.14445/22312803/IJCTT-V68I1P108

Abstract

Security in information technology is becoming more vigilant and granular. To protect enterprise data, proper implementation of security and vigilance in access is necessary. We analyze the least privilege needed to perform backup and restore in SQL Server. We start with the Microsoft-documented server and database roles and then proceed with the analysis and outcome of each permission we provision for an account. We discuss the best techniques to perform the backup operation without exposing data through excessive permissions.

Keywords

Backup, privilege, restore, sysadmin, database management system, server roles, database roles
