"A permission is a right to do something in a database. Examples include performing a database function (such as creating table) or working with an object (INSERT)." (Owen Williams, "MCSE TestPrep: SQL Server 6.5 Design and Implementation", 1998)
[statement permissions:] "These are database permissions and enable users to create objects, drop objects, or modify objects in a database. Statement permissions do not work with data, but rather work with the containers that hold the data." (Owen Williams, "MCSE TestPrep: SQL Server 6.5 Design and Implementation", 1998)
"Authorization that enforces database security. SQL Server permissions specify the Transact-SQL statements, views, and stored procedures each user is authorized to use. The ability to assign permissions is determined by each user's status. There are two types of permissions: object permissions and statement permissions." (Microsoft Corporation, "SQL Server 7.0 System Administration Training Kit", 1999)
[statement permission:] "Permission that controls the execution of Transact-SQL statements that create database objects or perform certain administrative tasks. Can be granted, revoked, or denied." (Microsoft Corporation, "SQL Server 7.0 System Administration Training Kit", 1999)
"These are permissions that regulate a user’s ability to create structures that hold data, such as tables and views." (Joseph L Jorden & Dandy Weyn, "MCTS Microsoft SQL Server 2005: Implementation and Maintenance Study Guide - Exam 70-431", 2006)
"A privilege that you grant to a principle. When authorized, the principle may then interact with one or more securables." (Robert D. Schneider and Darril Gibson, "Microsoft SQL Server 2008 All-In-One Desk Reference For Dummies", 2008)
"Operations that can be applied to or done with an object. Example file permissions are read, write, and delete." (Mark Rhodes-Ousley, "Information Security: The Complete Reference", 2nd Ed., 2013)
"Permissions placed on objects within a database. Database permissions specify which actions a database user can perform on tables, views, stored procedures, and other objects." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)
"The definitions of what object access actions are permitted for a specific user or group." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed, 2015)
"The type of authorized interactions that a subject can have with an object. Examples include read, write, execute, add, modify, and delete." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed, 2018)
No comments:
Post a Comment