You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/linux/sql-server-linux-security-get-started.md
+8-7Lines changed: 8 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -82,7 +82,7 @@ GRANT SELECT ON Object::Sales TO Orders;
82
82
GRANT UPDATE ON Object::Sales TO Orders;
83
83
GRANT DELETE ON Object::Sales TO Orders;
84
84
ALTER ROLE Sales ADD MEMBER Jerry;
85
-
```
85
+
```
86
86
87
87
For more information about the permission system, see [Getting Started with Database Engine Permissions](../relational-databases/security/authentication-access/getting-started-with-database-engine-permissions.md).
88
88
@@ -102,14 +102,14 @@ GO
102
102
CREATE USER Manager WITHOUT LOGIN;
103
103
104
104
CREATE USER SalesPerson280 WITHOUT LOGIN;
105
-
```
105
+
```
106
106
107
107
Grant read access on the `Sales.SalesOrderHeader` table to both users:
108
108
109
109
```
110
110
GRANT SELECT ON Sales.SalesOrderHeader TO Manager;
111
-
GRANT SELECT ON Sales.SalesOrderHeader TO SalesPerson280;
112
-
```
111
+
GRANT SELECT ON Sales.SalesOrderHeader TO SalesPerson280;
112
+
```
113
113
114
114
Create a new schema and inline table-valued function. The function returns 1 when a row in the `SalesPersonID` column matches the ID of a `SalesPerson` login or if the user executing the query is the Manager user.
115
115
@@ -124,7 +124,7 @@ AS
124
124
RETURN SELECT 1 AS fn_securitypredicate_result
125
125
WHERE ('SalesPerson' + CAST(@SalesPersonId as VARCHAR(16)) = USER_NAME())
126
126
OR (USER_NAME() = 'Manager');
127
-
```
127
+
```
128
128
129
129
Create a security policy adding the function as both a filter and a block predicate on the table:
130
130
@@ -250,11 +250,12 @@ For more information about TDE, see [Transparent Data Encryption (TDE)](../relat
250
250
## Configure backup encryption
251
251
SQL Server has the ability to encrypt the data while creating a backup. By specifying the encryption algorithm and the encryptor (a certificate or asymmetric key) when creating a backup, you can create an encrypted backup file.
252
252
253
-
> [!WARNING]
254
-
> It is very important to back up the certificate or asymmetric key, and preferably to a different location than the backup file it was used to encrypt. Without the certificate or asymmetric key, you cannot restore the backup, rendering the backup file unusable.
253
+
> [!WARNING]
254
+
> It is very important to back up the certificate or asymmetric key, and preferably to a different location than the backup file it was used to encrypt. Without the certificate or asymmetric key, you cannot restore the backup, rendering the backup file unusable.
255
255
256
256
257
257
The following example creates a certificate, and then creates a backup protected by the certificate.
0 commit comments