30/1/2019 Librería

Lab Answer Key: Module 3: Authorizing Users to

Access Resources
Es
te
do
cu
Lab: Authorizing
me
nto
pe
Users to Access Resources
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc G
Exercise 1: Granting,
as ea
@
Denying,
uil
itidler
mo
orrand Revoking Permissions on
las gm C
Objects co
pia
ail
.co
orr
ea
ss m Lo
in pe
au ra.
tor
iza
ció
. n
Task 1: Prepare the Lab Environment

1. Ensure that the 20764C-MIA-DC and 20764C-MIA-SQL virtual machines are

Es
te
do
both crunning,
um and then log on to 20764C-MIA-SQL as
en
to
ADVENTUREWORKS\Student
pe
rt
with the password Pa55w.rd.
No lui en
sg ec
es u ea
tán ille Lu
2. p r
In the D:\Labfiles\Lab03\Starter
m is folder, right-click Setup.cmd, and then click
erm oc Gu
itid o rre ille
as a rm
Run as administrator.las @
gm oC
co ail orr
pia .co ea
ss m Lo
in pe
3. In the User Account Control au
tor dialog, ra. click Yes when prompted to confirm that
iza
ció
you want to run the command n. file, and wait for the script to finish.

Es
te
do
Task 2: Grant Permissions on Objects
cu
m en
to
pe
rte
No lui ne
es sg ce
tán aL u ille
1. Review
pe the supplied
rm
o
uissecurity requirements in the scenario for this lab.
rm co Gu
itid rre ille
as a@ rm
las gm o
Co should be assigned at the object level.
2. Determine the permissions
co
p
ail
.
that
rre
ias co aL
sin m op
au era
tor .
3. Start SQL Server Management
iza Studio and connect to the MIA-SQL database
ció
. n
engine using Windows authentication.

4. On the File menu, point to New, and then click Query with Current
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 1/9
30/1/2019 Librería

Connection.

5. In the new query window, type the following code to grant permissions for the e-
commerce application to read data from the Products.vProductCatalog view
and insert rows into the Sales.SalesOrderHeader and Sales.SalesOrderDetail
Etables:
ste
do
cu
me
nto
pe
rte
NUSE
oe l uis ne
stá
InternetSales;
g uil
ce
ler aL
np m uis
GO e rm o co Gu
itid rre ille
as a@ rm
las gm oC
co ail orr
pia .co ea
s
GRANT SELECT ON siProducts.vProductCatalog m Lo TO WebApplicationSvc;
na pe
uto ra.
GRANT INSERT ON Sales.SalesOrderHeader riz TO WebApplicationSvc;
ac
ión
.
GRANT INSERT ON Sales.SalesOrderDetail TO WebApplicationSvc;
GO

Es
te
do
cu
6. Belowmthe
en code that you have just entered, type the following code to grant
to
pe
permissions rtfor
en all sales employees and managers to read data from the
No lui ec
es s gu ea
án tlle i Lu
Customer
pe
r
table:
rm
o is
Gu
mi co
tid rre ille
as a@ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
GRANT SELECT ON Customers.Customer
i na pe TO Database_Managers;
uto ra.
riz
GRANT SELECT a
ON Customers.Customer
ció TO InternetSales_Managers;
n.
GRANT SELECT ON Customers.Customer TO InternetSales_Users;
GO

Es
te
do
cu
m
7. On the etoolbar,
nto click Execute.
pe
rte
No lui ne
e sg ce
8. stá
Minimize SQL
ille Server u
ui Management Studio and open a command prompt.
aL
np rm
erm oc sG
itid orr uil
ler
as ea
l mo @
9. At the command a s c prompt,
op
g ma type Co the following command to open
rre
the sqlcmd utility
il.c
ias om aL
as adventureworks\anthonyfrizzell,
sin
au
op
era who is a member of the IT_Support
tor .
group, and then press Enter: iza
ció
n.

runas /user:adventureworks\anthonyfrizzell /noprofile sqlcmd

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 2/9
30/1/2019 Librería

10. At the command prompt, when you are prompted for a password, type
Pa$$w0rd, and press Enter.

11. In the SQLCMD window, at the command prompt, type the following command
Es
toteverify
do your identity, and then press Enter:
cu
me
nto
pe
rte
No lui ne
e sg ce
stá
SELECT uil
suser_name(); aL
np ler uis
erm m oc
o Gu
GO i tid r rea ille
as @ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
12. In the SQLCMD window, atacthe i z
ión command prompt, type the following commands
.
to verify that Anthony can access the Customer table through his membership
of the IT_Support global group, and hence the Database Managers local
group and SQL Server login, and then press Enter:
Es
te
do
cu
me
nto
pe
USE InternetSales;
No l
rte
n
uis ec
es gu ea
GO tán ille Lu
pe rm is
rm oc Gu
iTOP
tid orr ille
SELECT as 5 e
FirstName,
a rm LastName FROM Customers.Customer;
las @ oC
gm
co ail orr
GO pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
n.

Task E3:
s
Deny Permissions on Objects
te
do
cu
me
nto
pe
ten r
1. You
No realize
e
lui
sg that ec the Database_Managers do not need to access the customer
e
stá uil a
np erm Lu l
information,
erm soocdecide
is to deny them access.
G
itid orr uil
as ea ler
las @ m oC
gm
2. co
In SQL Server Management
ail oStudio,
rre in the query window, below the existing
pia .co a ss m Lo
in p
era the Database_Managers user SELECT
code, type the followingau code to deny
to .
riz
ció a
permissions on the Customer n. table:

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 3/9
30/1/2019 Librería

DENY SELECT ON Customers.Customer TO Database_Managers;

GO

3. Select the code that you have just typed, and then click Execute.
Es
te
do
4. In thecumSQLCMD
en window, at the command prompt, type the following command
to
er p
to
N verify
lu that teAnthony
ne is now denied access to the Customer table, and then
oe isg ce
stá ille u aL
press n Enter:
p rm uis
erm oc Gu
itid orr ille
as ea rm
las @ oC
gm
co ail orr
pia .co ea
SELECT TOP 5 s
FirstName,
sin m Lo
LastName FROM Customers.Customer;
pe
au ra.
tor
GO iza
ció
n.

Es
te
do
cu
m
Task 4: Revoke
en
to Permissions on Objects
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm Gu oc
1. You realize
itid that,oralthough
a r e a
ille the Database_Managers users do not need to
r
sl @ mo
sc m Co a g
access the customer
op information,
ail
.c rre Anthony is a member of another group and
ias om aL
therefore does needsiaccess
na
u to theopetable.
ra. You decide to revoke the deny
tor
ac iz
permission that you have implemented,
ión leaving Anthony to inherit permissions
.
from his other group membership.

2. In SQL Server Management Studio, in the query window, below the existing
Es
code,
te
do type the following code to deny the Database_Managers user SELECT
cu
m
permissions
en
to on the Customer table:
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
REVOKE iSELECT
tid o rre ON Customers.Customer
ille TO Database_Managers;
as a@ rm
las gm oC
GO co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
n.
3. Select the code that you have just typed, and then click Execute.

4. In the SQLCMD window, at the command prompt, type the following command
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 4/9
30/1/2019 Librería

to verify that Anthony can access the Customer table through his membership
of the Sales_Managers global group, and hence the InternetSales_Managers
local group and SQL Server login, and then press Enter:

EsSELECT TOP 5 FirstName, LastName FROM Customers.Customer;

te
d
GO ocum
en
to
pe
rte
No lui ne
es sg ce
tán u aL
ille
pe uis
rm
5. In the SQLCMD
rm o co window, Gu at the command prompt, type exit, and then press
itid rre ille
as a@ rm
l oC
Enter. as
co
gm
ail orr
pia .co ea
ss m Lo
in pe
au ra.
6. In SQL Server Management tor
iza Studio, on the File menu, click Close.
ció
n.
7. In the Microsoft SQL Server Management Studio dialog box, click No.

8. Leave SQL Server Management Studio open for the next exercise.
Es
te
do
cu
me
nto
pe
rte
No lui ne
Result: s
es Aftergcompleting ce
tán uil
ler a L this exercise, you will have assigned the required object-
pe mo uis
level permissions.
rm
itid
co
rre
Gu
ille
as a @ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
Exercise 2: Granting EXECUTE Permissions on Code tor
iza
ció
n.

Task 1: Grant EXECUTE Permission

Es
te
do
cu
1. methe supplied security requirements in the scenario for this lab.
Review nto
pe
rte
No lui ne
es ea sg c
2. Determine
tán ilthe
ler permissions
Lu
u that should be assigned on code.
pe mo is
rm co Gu
itid rre ille
m as a@ r
3. On the File menu,
las
c
point
gm to oNew,
a Co and then click Query with Current
op il.c rre
ias om aL
Connection. sin op
era
au .
tor
iza
ció
4. In the new query window, type. the following code to grant permission for the
n

sales managers to run the ChangeProductPrice stored procedure, and then

click Execute:
https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 5/9
30/1/2019 Librería

USE InternetSales;
GO

GRANT EXECUTE ON Products.ChangeProductPrice TO

Es
te
InternetSales_Managers;
do
c um
en
GO to
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea rm
las @ oC
gm
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
Task 2: Test the Permission iza
ció
n.

1. In the command prompt window, at the command prompt, type the following
Ecommand
ste
to open the sqlcmd utility as adventureworks\deannaball, who is a
do
member cu
me of the IT_Support group, and then press Enter:
nto
pe
rte
No lui ne
es sgu ce
tán ille aL
rm uis
runasper/user:adventureworks\deannaball /noprofile sqlcmd
mi o co Gu
tid rre ille
as a@ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
in p
2. At the command prompt,tor when youerare a u a. prompted for a password, type
iza
ció
Pa$$w0rd, and then press Enter. n.

3. In the SQLCMD window, at the command prompt, type the following commands
to verify that Deanna can run the stored procedure, and then press Enter:
Es
te
do
cu
me
nto
ert p
N
USE InternetSales;
lu en
oe isg ec
stá uil
aL e
GO n p uis ler
erm mo
co Gu
EXECUTEitidProducts.ChangeProductPrice
as
rre
a@
ille
rm 1, 2;
las gm oC
co ail orr
GO pia
ss
.co
m
ea
Lo
in pe
au ra.
tor
iza
ció
n.
4. In the SQLCMD window, at the command prompt, type exit, and then press
Enter.

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 6/9
30/1/2019 Librería

5. In SQL Server Management Studio, in the query window, below the existing
code, type the following code to check that the stored procedure updated the
price:

EsSELECT ListPrice from Products.Product WHERE ProductID<10;

te
do
cu
me
n to
pe
rte
No lui
ec n
6. Select
es
tá
the
sg code
uil ethat
a you have just typed, and then click Execute.
np ler Lu
erm mo is
Gu co
itid ille rre
7. On the File menu,
a s las
a click
@
gm Close.
rm
oC
co ail orr
pia .co ea
ss m Lo
in pe
8. In the Microsoft SQL aServer uto Managementra. Studio dialog box, click No.
riz
ac
ión
.
9. Leave SQL Server Management Studio open for the next exercise.

Es
te
Result:doAfter
cu
me
completing this exercise, you will have assigned the required
n
EXECUTE permissions
to on stored procedures.
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea
Exercise 3: Granting
las @ Permissions
gm
rm
oC at the Schema Level
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
Task 1: Grant Permission on acSchema
ión
.

1. Review the supplied security requirements in the scenario for this lab.
Es
te
oc d
2. Determine
um the permissions that should be assigned at the schema level.
en
to
pe
rte
3. N
On l
o e the File isg menu, ne
u ce point to New, and then click Query with Current
stá uil aL
np l erm uis
Connection. erm oc
o Gu
itid rre ille
as a@ rm
las gm oC
co ail orr
4. In the new query pwindow,
ias . com type ethe
a L following code to grant permission for the
sin op
e
sales managers to inserttorand a u
iza
updatera.data in the Sales schema, and for the
ció
sales employees and managers n. to read data in the Sales schema:

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 7/9
30/1/2019 Librería

USE InternetSales;
GO

GRANT INSERT, UPDATE ON SCHEMA::Sales TO

InternetSales_Managers;
Es
te
do
GRANTcu SELECT ON Schema::Sales TO InternetSales_Managers;
en m
to
GRANT SELECT pe
rte
ON Schema::Sales TO InternetSales_Users;
No lui ne
GOes sg ce
tá uil a
np l erm Lu
erm oc is
orr Gu
itid ea ille
as @ rm
las gm oC
co ail orr
pia .co ea
5. On the toolbar, clicksExecute.
s
in
m Lo
pe
au ra.
tor
iza
ció
n.

Task 2: Test the Permission

Es
te
do
cu
me
nto
1. In the command
pe prompt window, at the command prompt, type the following
rte
No lui ne
command
es
tán
sguto open
ille
ce the sqlcmd utility as adventureworks\anthonyfrizzell, who
aL
pe rm uis
is a member o
itid of othe rre Sales_Managers group, and then press Enter:
rm c Gu
ille
as a @ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
in pe
runas /user:adventureworks\anthonyfrizzella u ra. /noprofile sqlcmd
tor
iza
ció
n.

2. At the command prompt, when you are prompted for a password, type
Pa$$w0rd, and then press Enter.
Es
te
do
cu
m
3. In the SQLCMD
en
to window, at the command prompt, type the following commands
pe
r
to lui that teAnthony
No verify ne can access and update sales data, and then press Enter:
e sg ce
stá uil aL
np ler uis
erm mo
co Gu
itid rre ille
as a@ rm
las oC gm
USE InternetSales;
co ail orr
pia .co ea
ss m Lo
GO i n pe
au ra.
tor
iza
ció
n.
SELECT TOP 5 SalesOrderID, CustomerID FROM
Sales.SalesOrderHeader;

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 8/9
30/1/2019 Librería

GO

UPDATE Sales.SalesOrderHeader SET CustomerID=28389 WHERE

SalesOrderID=43697;
GO
Es
te
do
cu
m
en TOP 5 SalesOrderID, CustomerID FROM
SELECT to
pe
rte
l
NSales.SalesOrderHeader;
oe uis ne
g ce
stá uil aL
np ler uis
GO erm m oc
orr Gu
itid ea ille
as @ rm
las gm oC
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
4. In the SQLCMD window,torat iza the command prompt, type exit, and then press
ció
Enter. n.

5. In the command prompt window, at the command prompt, type exit.

Es
6. InteSQL
do Server Management Studio, on the File menu, click Close.
cu
me
nto
pe
7. In
N
the Microsoft
l
rte
n
SQL Server Management Studio dialog box, click No.
oe uis ec
stá gu ea
np ille Lu
is rm
8. On the eFile
rm
it menu,
oc
orr click
Gu Exit.
il
ida ea ler
sl oC @ m
as gm
ail co orr
9. In the p
Microsoft SQL
ias .
Serverco Management
ea Studio dialog box, click No.
sin m Lo
pe
au ra.
tor
iza
ció
n.

Result: After completing this exercise, you will have assigned the required
schema-level permissions.
Es
te
do
cu
me
nto
pe
rte
No lui ne
es sg ce
tán u ille aL
pe rm uis
rm oc Gu
itid orr ille
as ea rm
las @ oC
gm
co ail orr
pia .co ea
ss m Lo
in pe
au ra.
tor
iza
ció
n.

https://skillpipe.com/?lang=es-ES#/reader/book/24820548-a5cd-4cbe-80fd-0658d7f0f8c4 9/9