Netherlands: Software

165 C H A P T E R 8 | Improved Azure SQL Database principal account for your SQL Database server. This login is analogous to the system administrator (sa) login for an on-premises instance of SQL Server. It manages all server-level and database-level security and has permission to create other accounts that can manage logins and databases in SQL Database. Server-level roles Although you can use the server-level principal account to manage server-level security, you also have the option to use sp_addrolemember to assign logins to the following SQL Database security roles: loginmanager This role grants permission to create logins in SQL Database, much like you use the securityadmin role in on-premises SQL Server. Example 8-1 shows how to assign this role to a login. dbmanager This role grants permission to create databases by executing the CREATE DATABASE command in the master database. It is similar to the dbcreator role in on-premises SQL Server. Example 8-1: Creating a SQL Database login and assigning a role -- connect to the master database CREATE LOGIN adminlogin WITH password=''; CREATE USER adminuser FROM LOGIN adminlogin; EXEC sp_addrolemember 'loginmanager', 'adminuser'; Important Be careful to assign these roles only to a limited set of administrators and not to general user accounts. Because these roles scope to the server, a user with permissions in the master database can access data in any SQL Database on the same server by using server-scoped DMVs. Database-level roles The built-in security roles at the database level are similar to on-premises SQL Server security roles. To implement database-level security, you can use the same fixed database roles, such as db_datareader or db_datawriter. Optionally, you can create custom roles for your application when you need explicit permissions for selected database objects. Important As a security best practice, you should always use role-based security to manage database access. Contained database users SQL Database supports contained database users so that you can isolate a user account to a single database instead of creating a server login to which you must then grant database-level permissions. By setting up a contained database user, as shown in Example 8-2, you can move a database between servers and consolidate the user identity and permissions within the individual database. Example 8-2: Creating a contained database user -- connect to the database CREATE USER userA WITH password='';

• Cover
• Contents
• Introduction
• Who should read this book
• Assumptions
• This book might not be for you if…
• Organization of this book
• Conventions and features in this book
• System requirements
• Prerelease software
• Acknowledgments
• Errata, updates, & book support
• Free ebooks from Microsoft Press
• We want to hear from you
• Stay in touch
• Chapter 1: Faster queries
• In-Memory OLTP enhancements
• Reviewing new features for memory-optimized tables
• Scaling memory-optimized tables
• Introducing native client enhancements
• Exploring T-SQL enhancements
• ALTER TABLE statement
• Natively compiled modules
• Managing memory-optimized tables
• Planning data migration to memory-optimized tables
• In-memory analytics
• Reviewing columnstore index enhancements
• Getting started with in-memory analytics
• Using filtered columnstore indexes
• Analysis Services enhancements
• Understanding multidimensional performance improvements
• Understanding tabular performance improvements
• Chapter 2: Better security
• Always Encrypted
• Getting started with Always Encrypted
• Column master key definition
• Column encryption keys
• Creating a table with encrypted values
• Encryption types
• CREATE TABLE statement for encrypted columns
• Indexing and Always Encrypted
• Application changes
• Migrating existing tables to Always Encrypted
• Step 1: Build a new staging table
• Steps 2 and 3: Write a .NET application to encrypt the data and move it to the new table
• Step 4: Rename the table
• Step 5: Update the application's connection string
• Row-Level Security
• Creating inline table functions
• Application using one login per user
• Application using one login for all users
• Creating security policies
• Using block predicates
• Dynamic data masking
• Dynamic data masking of a new table
• Dynamic data masking of an existing table
• Understanding dynamic data masking and permissions
• Masking encrypted values
• Using dynamic data masking in SQL Database
• Microsoft Press newsletters
• Chapter 3: Higher availability
• AlwaysOn Availability Groups
• Supporting disaster recovery with basic availability groups
• Using group Managed Service Accounts
• Triggering failover at the database level
• Supporting distributed transactions
• Scaling out read workloads
• Defining automatic failover targets
• Reviewing the improved log transport performance
• Windows Server 2016 Technical Preview high-availability enhancements
• Creating workgroup clusters
• Configuring a cloud witness
• Using Storage Spaces Direct
• Introducing site-aware failover clusters
• Windows Server Failover Cluster logging
• Performing rolling cluster operating system upgrades
• Chapter 4: Improved database engine
• TempDB enhancements
• Configuring data files for TempDB
• Eliminating specific trace flags
• Trace flag 1117
• Trace flag 1118
• Query Store
• Enabling Query Store
• Understanding Query Store components
• Reviewing information in the query store
• Using Force Plan
• Managing the query store
• Tuning with the query store
• Stretch Database
• Understanding Stretch Database architecture
• Security and Stretch Database
• Identifying tables for Stretch Database
• Configuring Stretch Database
• Monitoring Stretch Database
• Backup and recovery with Stretch Database
• Survey
• Chapter 5: Broader data access
• Temporal data
• Creating a rowstore temporal table
• Anonymous history table
• Default history table
• Existing history table
• Converting an existing table to temporal
• Understanding the effect of data changes
• Using memory-optimized temporal tables
• Querying temporal tables
• Securing temporal tables
• Managing data retention
• Stretch Database
• Table partitioning
• Custom cleanup script
• Reviewing temporal metadata
• JSON
• Getting acquainted with JSON structures
• Exporting data to JSON
• Importing JSON data
• Converting JSON data to a table structure
• Using other built-in JSON functions
• Indexing JSON data
• PolyBase
• Installing PolyBase
• Scaling out with PolyBase
• Creating PolyBase data objects
• Database-scoped credential
• External data source
• External file format
• External table
• Viewing PolyBase objects in SSMS
• Using T-SQL with PolyBase objects
• Troubleshooting with PolyBase system views and DMVs
• Chapter 6: More analytics
• Tabular enhancements
• Accessing more data sources with DirectQuery
• Modeling with a DirectQuery source
• Working with calculated tables
• Bidirectional cross-filtering
• Writing formulas
• Introducing new DAX functions
• Using variables in DAX
• R integration
• Installing and configuring R Services
• Server configuration
• Client workstation
• Getting started with R Services
• Compute context
• Data source
• Data exploration
• Data transformation
• Predictive model creation
• Model usage
• Model accuracy
• Using an R Model in SQL Server
• Model deployment
• Batch mode invocation of a model
• Individual scoring mode invocation of a model
• Chapter 7: Better reporting
• Report content types
• Paginated report development enhancements
• Introducing changes to paginated report authoring tools
• Report Designer
• Report Builder
• Exploring new data visualizations
• Tree map
• Sunburst
• Managing parameter layout in paginated reports
• Mobile report development
• Introducing the mobile report designer
• Connecting data to mobile report elements
• Reviewing mobile report elements
• Navigators
• Gauges
• Charts
• Maps
• Data grids
• Publishing mobile reports
• KPI development
• Report access enhancements
• Accessing reports with modern browsers
• Viewing reports on mobile devices
• Printing without ActiveX
• Exporting to PowerPoint
• Pinning reports to Power BI
• Managing subscriptions
• Subscription description
• Subscription owner change
• Interface support for changing subscription status
• File share credentials
• Chapter 8: Improved Azure SQL Database
• Introduction to SQL Database
• Reviewing the evolution of SQL Database
• Understanding the pricing model
• Service tiers
• Performance levels
• Protecting data with high availability and disaster recovery
• SQL Database security
• Configuring security
• Firewall administration
• Authentication
• Server-level roles
• Database-level roles
• Contained database users
• Auditing SQL Database
• Auditing configuration
• Auditing data
• Encrypting data
• Transparent Data Encryption
• Cell-Level Encryption
• Encrypted data in transit
• Securing data at the row level
• Dynamic data masking
• Developing secure applications
• Elastic database features
• Managing elastic scale
• Elastic database client library
• Split-Merge service
• Managing performance levels in elastic database pools
• Using elastic database jobs
• Distributing queries with elastic query
• Chapter 9: Introducing Azure SQL Data Warehouse
• Introduction to SQL Data Warehouse
• Security
• Scalability
• Scaling storage and compute resources
• Deciding how to scale
• Data loads
• Using Azure Data Factory
• Using PolyBase
• Using SSIS
• Statistics for SQL Data Warehouse
• Creating statistics
• Maintaining statistics
• Integration options
• Predictive modeling in Azure Machine Learning
• Working with streaming data in Azure Stream Analytics
• Analyzing data by using Power BI
• Blank Page
• Blank Page (1)
• Blank Page (2)
• About the authors
• Free ebooks at Microsoft Virtual Academy