- Kevin Feasel
- Mala Mahadevan
Notes: Questions and Topics
We start off the night with a question from friend of the show Mark Gordon, whose team read a note on partially contained databases and was a bit confused:
When contained databases are enabled, database users with the ALTER ANY USER permission, such as members of the db_owner and db_accessadmin database roles, can grant access to databases and by doing so, grant access to the instance of SQL Server. This means that control over access to the server is no longer limited to members of the sysadmin and securityadmin fixed server role, and logins with the server level CONTROL SERVER and ALTER ANY LOGIN permission. Before allowing contained databases, you should understand the risks associated with contained databases. For more information, see Security Best Practices with Contained Databases.
They interpreted this as granting rights to the partially contained database user to access other databases on the instance. Instead, what it’s saying is that any partially contained user must have the ability to connect to the instance in order to access the partially contained database. But they cannot connect to any other databases on the instance.
Thoughts on MySQL
Mala has been doing some work with MySQL lately. For the sake of being the bad cop, I made fun of MySQL, though that is in good fun—I like MySQL for what it is but it’s probably number 4 on my list of relational databases, well behind SQL Server, PostgreSQL, and Oracle. Anyhow, Mala is impressed with their diagram creation tool, which is way better than what SQL Server has built in.