Tuesday, March 10, 2015

SQL Logins



 Logins are the credentials that authenticate connections to an instance. Except in the case of an instance configured to support contained databases, a database user must map to an existing SQL Server login. You can differentiate SQL Server logins based on the type of authentication method used. SQL Server 2012 supports the following login types: 

■ Windows-authenticated login
■ SQL Server–authenticated login
■ Certificate
■ Asymmetric key 

A security principal must have the ALTER ANY LOGIN permission to be able to create SQL logins.



Windows-Authenticated SQL Server Logins:
            Windows-authenticated SQL Server logins are instance logins in which the operating system handles authentication. You can map a Windows-authenticated SQL Server login to a local user account, a local security group, a domain user account, or a domain security group.

To create a Windows-authenticated SQL Server login, use the CREATE LOGIN Transact-SQL statement with the FROM WINDOWS option. For example, to create a SQL Server login by using the local account Local_One on the server SQL-A, use the Transact-SQL statement:


CREATE LOGIN "SQL-A\Local_One" FROM WINDOWS;


To create a SQL Server login using the local security group Group_One on the server SQL-A, use the Transact-SQL statement:


CREATE LOGIN "SQL-A\Group_One" FROM WINDOWS;

To create a SQL Server login using the domain account Account_Two from the domain Contoso, use the Transact-SQL statement:


CREATE LOGIN "CONTOSO\Account_Two" FROM WINDOWS;

To create a SQL Server login using the domain security group Group_Two from the domain Contoso, use the Transact-SQL statement:


CREATE LOGIN "CONTOSO\Group_Two" FROM WINDOWS;

 
SQL Server–Authenticated Logins:
              SQL Server–authenticated logins are authenticated by the Database Engine instance rather than through the host operating system or a domain controller. SQL Server–authenticated login passwords are stored within the master database. If the SQL Server authentica- tion option button is disabled, you must configure the instance to support mixed-mode authentication.


You can create a new SQL Server–authenticated login using the CREATE LOGIN statement and the WITH PASSWORD option. For example, to create a SQL Server–authenticated login named sql_user_a with the password Pa$$w0rd, execute the following statement:


CREATE LOGIN sql_user_a WITH PASSWORD = 'Pa$$w0rd';


You can create a SQL Server–authenticated login to use the password expiration and com- plexity policies that apply to the host operating system by using the following options with the CREATE LOGIN statement:

 ■ CHECK_EXPIRATION Enables you to configure SQL Server–authenticated logins so that the password expiration policy that applies to the host operating system applies to the login. This option can be set to ON or OFF with the default value of OFF.

 ■ CHECK_POLICY Enables you to configure SQL Server–authenticated logins so that the password complexity policy that applies to the host operating system applies to the login. Password complexity policy includes minimum and maximum password lengths and whether the password must contain a mix of uppercase, lowercase, numeric, and symbol characters. This option can be set to ON or OFF with the default value of ON.



No comments: