Categories
SSRS

Review Security Drift in Reporting Services

Reporting Services deployments aren’t exactly the latest fashion, so any you stumble upon are probably a little dated and in need of TLC. One place to review would be the security. Security in SSRS comes in two flavours: Item level roles are what we’re digging into here. Before we start, it’s worth defining a simple […]

Categories
Azure

File Operations in SharePoint Using Logic Apps and App Registration

The standard SharePoint connectors in Logic Apps authenticate with Entra accounts. When you want to use an App Registration instead, it’s a little trickier. In this post, we’ll show how to interface with the SharePoint REST API using an App Registration authenticated with a certificate securely stored in a Key Vault. Configure app registration First […]

Categories
SQL Server

Fixing Orphaned Database Users

When restoring a database in different environments we may stumble across orphaned users. This typically manifests through failed connections to the database. Here we’ll have a quick look at what the issue is and 3 ways to fix it. What are orphaned users? When users are created in a database they’re mapped to the login […]

Categories
SQL Server

Creating a Role for Proc Execution

We have database roles for reading and writing data but interestingly there’s no role which provides permission to execute procedures. Most DBAs I’ve worked with – production or development – prefer to use stored procedures for data access rather than an ORM. A role to allow procedure execution would be very handy. So let’s fix […]

Categories
SSIS

Securing SSIS Configuration with Sensitive Parameters

Configuring SSIS projects or packages can necessitate parameterising information which may include sensitive values such as authentication details. Parameters are stored as plain text in the database by default. We’ll demonstrate how to protect these values using Sensitive parameters. The problem: With an SSIS project deployed, our parameters are stored in plain text in the […]

Categories
SQL

Constructing Dynamic SQL with Parameters

When building dynamic SQL, safety is crucial. As we saw last week, we have the QUOTENAME function which can help when referencing object names. Another aspect to consider is use of parameters. Integrating them incorrectly can leave us vulnerable to SQL injection attacks. Let’s take a look at how to handle them the wrong way, followed by the right […]

Categories
SQL

Securing Dynamic SQL with QUOTENAME

I’m a big fan of dynamic SQL in the right conditions. One key to crafting a safe dynamic query is the use of the QUOTENAME function. The issue: Using dynamic SQL can leave us vulnerable without proper safeguards. Let’s see an example of this: This is a cut down example of something I’ve seen previously in […]

Categories
SSIS

Using a Proxy for SSIS Execution

When executing packages for SSIS the default option would be to use the SQL Server Agent service account. We might not want to share an account between our services and Integration Services packages due to security risks. Let’s take a common example: Suppose we have a package which reads from a file share. If permissions […]

Categories
SQL Server

Object Visibility: Who Can See What

When developing database solutions we’ll typically spend some time considering security requirements, which will result (in part) in database roles being assigned to users or groups of users. Whilst security considerations will likely be focused on what folks can do in our databases, there’s a separate impact on what they can see in them too. I’ve had more than […]