Adventures in Machine Learning

Mastering SQL Server Administration: Backups Roles Security and More

As the amount of data we store on our electronic devices continues to increase, so does the risk of losing that data. Whether it’s due to a natural disaster, physical damage, or human error, the consequences of losing important information can be devastating.

That’s why it’s important to have a backup and restore plan in place to protect your data and prevent the loss of valuable information. In this article, we will discuss two important topics in SQL Server Administration: Backup & Restore and Managing Logins, Users, and Permissions.

1. Backup & Restore

1.1 Recovery Model

The Recovery Model is a crucial component of any backup and restore plan.

In SQL Server, there are three types of Recovery Models: Simple, Full, and Bulk-Logged. The Recovery Model determines how much data you can recover in the event of a failure, so it’s imperative that you choose the right option for your needs.

Simple Recovery Model is the most basic option and provides limited protection. It only allows for a full backup of your database, and once the backup is complete, all previous transaction logs are deleted.

This model is best suited for databases with non-critical data. Full Recovery Model, on the other hand, is designed for mission-critical databases that require almost complete protection.

It enables you to perform a full backup of your database, along with transaction log backups. This model maintains a continuous transaction log, which allows you to recover to a specific point in time.

However, it requires more storage space and more frequent backups. Bulk-Logged Recovery Model is similar to Full Recovery Model but is designed for databases that have a large number of bulk operations, such as loading large amounts of new data into a table.

This model logs fewer details and thus reduces the overhead of the transaction log. However, it requires more space to store the transaction log data.

1.2 Backup Types

There are three types of backups that you can perform in SQL Server: full backup, differential backup, and transaction log backup. Full Backup is the most basic type of backup, and it creates a copy of the entire database.

This backup is essential for restoring a database to its most recent state in the event of a catastrophic failure. Full backups can be performed daily, weekly, or monthly, depending on your needs.

Differential Backup is a faster alternative to full backups. It takes a snapshot of all changes made since the last full backup and creates a file containing only those changes.

Differential backups can be performed several times a day, depending on the amount of data that has been modified. Transaction Log Backup is a backup of the transaction log file.

This backup allows you to restore a database to a specific point in time. Transaction logs are typically backed up every few minutes or hours, depending on the importance of the data being stored.

2. Managing Logins, Users, and Permissions

2.1 Creating Logins and Users

In SQL Server, a login is used to validate a user’s identity, while a user is used to grant access to a database.

Creating a login and user is a straightforward process. To create a login, navigate to the Security folder in SQL Server Management Studio and select “New Login.” Create a login name, choose a password, and specify the authentication mode.

To create a user, navigate to the database in which you want the user to have access and select “New User.” Assign a name to the user, select the login name, and specify the appropriate roles and permissions. 2.2 Granting and Revoking Permissions

SQL Server offers a variety of permissions that can be granted or revoked to users and logins.

Permissions can be granted at the server, database, or object level, and they can be divided into two categories: explicit and implicit. Explicit permissions are granted directly to a user or login, while implicit permissions are inherited from a parent object, such as a database or server.

It’s important to understand how permissions work in SQL Server so that you can grant the appropriate level of access to different users and logins. To grant or revoke permissions, navigate to the Security folder in SQL Server Management Studio and select “New Login” or “New User.” Adjust the permissions as needed and save the changes.


In summary, having a backup and restore plan and managing logins, users, and permissions are critical components of SQL Server Administration. With the proper Recovery Model and backup types in place, you can ensure that you can recover your data in the event of a disaster.

By properly managing logins, users, and permissions, you can control access to your databases and ensure that users have only the necessary level of access. With these best practices in place, you can protect your data and make sure that it is always available when you need it.

3. Managing Roles

When managing access to a database, it’s important to have a system in place that divides users into groups based on their roles.

This allows for more efficient management of accessibility to the database, which reduces the security risks. In SQL Server, roles are used to manage access to the database.

There are two types of roles: fixed server roles and fixed database roles.

3.1 Database Roles

Database Roles are roles that are specific to a particular database.

There are three types of database roles: user-defined roles, fixed database roles, and application roles. Fixed database roles are predefined roles that have a specific set of permissions assigned to them.

These roles are created automatically when the database is created and cannot be altered. User-defined roles are roles that are created by users with appropriate permissions.

User-defined roles are used to assign specific permissions to a group of users. Application roles are roles that are used to manage access to an application instead of the database.

These roles are typically used for application-specific security and have specific permissions granted to them.

By creating roles and assigning specific permissions to them, it’s possible to grant exactly the right level of access to each user.

3.2 Creating, Altering, and Dropping Roles

Creating a role in SQL Server is a straightforward process. Navigate to the database in which you want to create the role and right-click the Roles folder.

Select “New Role” to open the “New Database Role” wizard. Enter the name of the role, add members to the role as required, and specify the appropriate permissions for the role.

Altering a role allows you to make changes to an existing role. Navigate to the role that you want to modify and right-click the role.

Select “Properties” to open the “Database Role Properties” dialog box. Modify the appropriate settings and then click “OK” to save the changes.

Dropping a role is the process of removing a role from a database. Navigate to the role that you want to remove, right-click the role, and select “Delete.” Confirm your decision in the pop-up dialog box to complete the process.

4. Database Maintenance

Database maintenance is the process of keeping the database healthy, efficient, and available.

One of the most critical aspects of database maintenance is database backups and restores.

4.1 Database Backups and Restores

Database backups and restores are the processes of creating a copy of the database and restoring the database to an earlier state.

Backups can be performed using Full, Differential, or Log backups, depending on the Recovery Model that has been set up for the database. Restores can be performed in several ways, including restoring the database to a specific point in time, restoring the database using a differential backup, or restoring a specific set of files.

Regular backups of the database are necessary to ensure that data is adequately protected. The frequency and type of backups used depend on the size and complexity of the database, as well as the Recovery Model in use.

Backups should be stored both on-site and off-site to prevent data loss due to physical damage or natural disasters. 4.2 Database Recovery

Database recovery is the process of bringing the database back to its normal state after a failure has occurred.

This process typically involves the restoration of a backup file, followed by the application of any relevant transaction logs. SQL Server provides several recovery models to choose from, ranging from the Simple Recovery Model to the Full Recovery Model.

Point-in-time recovery is an advanced recovery technique that allows for the restoration of a database to a specific point in time. It requires a transaction log backup to be taken at the point in time, and the recovery process must start with the restoration of the most recent full backup.


As we have seen, managing roles and database maintenance are essential aspects of SQL Server administration. By creating roles and assigning specific permissions to them, it’s possible to maintain precise control over access to the database, while backups and restores are necessary to guarantee the integrity of the database in the event of a failure.

By adhering to best practices for managing roles and database maintenance, administrators can ensure their databases remain secure, accessible, and healthy. 5.


Transact-SQL (T-SQL) is a procedural programming language used in SQL Server. It allows for the creation of complex queries and the automation of tasks, making it a powerful tool for database administrators.

There are two types of T-SQL queries: basic and advanced. 5.1 Basic SQL Queries

Basic SQL queries are simple queries that retrieve data from a database.

They are typically used to retrieve data from a single table and are straightforward to create. The basic structure of a SQL query consists of the SELECT, FROM, and WHERE clauses.

The SELECT clause is used to specify the columns that you want to retrieve from the table, the FROM clause specifies the table that you want to retrieve data from, and the WHERE clause specifies the conditions that the data must meet.

For example, a basic SELECT query would look like this:

SELECT column1, column2 FROM table_name WHERE column1 = ‘value’;

This query would retrieve values from columns 1 and 2 in the specified table where column 1 equals the value ‘value.’

5.2 Advanced SQL Queries

Advanced SQL queries are more complex and use subqueries and other advanced techniques to retrieve and manipulate data.

Subqueries are queries that are nested inside other queries and are used to retrieve data that would be difficult or impossible to retrieve otherwise.

There are several types of subqueries, including:

– Scalar subquery: Returns a single value.

– In-line subquery: A subquery that is written as a part of the main query. – Correlated subquery: A subquery that refers to a column from the outer query.

Subqueries are a powerful tool in SQL Server and can be used to perform complex data manipulations in a single query. 6.

Database Security

Database Security is a critical aspect of SQL Server administration. It refers to the measures taken to protect data against unauthorized access, disclosure, or destruction.

There are several aspects to database security, including authentication and authorization, and auditing and compliance. 6.1 Authentication and Authorization

Authentication is the process of validating a user’s identity.

SQL Server provides several authentication options, including Windows Authentication and SQL Server Authentication.

Windows Authentication is the recommended method of authentication and uses the credentials of the currently logged-in Windows user.

SQL Server Authentication uses a username and password to authenticate the user. It is less secure than Windows Authentication unless password policies are enforced.

Authorization refers to the process of granting or denying users access to parts of a database. Authorization can be performed using roles or individual permissions.

Roles are groups of permissions that can be granted or denied to users, making it easier to manage access to the database. 6.2 Auditing and Compliance

Auditing is the process of monitoring and recording database activity to detect and report unauthorized access attempts.

It is an essential part of database security and is often used to detect data breaches and other security incidents. SQL Server provides several auditing features, including the SQL Server Audit feature and the SQL Server Audit log.

Compliance refers to the process of adhering to legal and regulatory requirements governing data protection. Compliance regulations such as GDPR, HIPAA, and SOX impose strict data protection and privacy standards on organizations.

SQL Server provides several compliance-related features, including Transparent Data Encryption (TDE) and Always Encrypted. TDE encrypts the entire database, while Always Encrypted encrypts only specific sensitive data, allowing the data to remain encrypted during use.


Transact-SQL and Database Security are critical components of SQL Server Administration. By mastering T-SQL, administrators can create powerful queries that retrieve and manipulate data efficiently.

By implementing proper database security measures, administrators can protect data against unauthorized access, disclosure, or destruction. By combining the use of T-SQL and database security measures, SQL Server administrators can ensure the safety, integrity, and accessibility of their databases.

7. SQL Server Architecture

SQL Server Architecture refers to the components and structure of the SQL Server database management system.

It is important for administrators to understand the architecture of SQL Server to optimize performance, troubleshoot issues, and ensure proper database management. 7.1 Database Components

SQL Server databases consist of several components, including data files, log files, and TempDB.

Data files store the database’s data, log files record all the changes made to the database, and TempDB is a system database used for temporary storage. Additionally, SQL Server uses several other components to manage the database, including the Query Processor, Buffer Manager, and Lock Manager.

The Query Processor processes queries submitted to the database, the Buffer Manager manages the storage of data pages in memory, and the Lock Manager manages locks on the data to ensure data integrity. 7.2 System Databases

System Databases are a group of databases that are essential to the SQL Server system.

They include the Master database, which contains information about all other databases on the server, the Model database, which is used as a template for creating new databases, and the MSDB database, which contains information about SQL Server Agent jobs, backup and restore history, and other system information. The TempDB database is another key system database used by SQL Server.

It is used to temporarily store data in memory for use by queries and other database operations. It is rebuilt each time SQL Server is restarted, and its size should be monitored to ensure optimal performance.

8. Database Snapshots & Contained Databases

Database Snapshots and Contained Databases are two useful features of SQL Server that can simplify database management and increase database flexibility.

8.1 Database Snapshots

Database Snapshots are read-only, point-in-time copies of a database. They are useful for creating a backup of a database that can be used for reporting or data analysis purposes without affecting the original database.

To create a database snapshot, the database must first be in the Full Recovery Model. Once the snapshot is created, it uses the same data files as the original database, but writes all changes to a separate file.

This allows the original database to continue to function normally, while the snapshot can be used to read data without affecting the original database. 8.2 Contained Databases

Contained Databases are self-contained databases that include all necessary database objects and metadata within the database itself.

This means that users do not need to be granted access to the SQL Server instance or other system databases to access and use the contained database.

The contained database feature simplifies database management and reduces the administrative overhead of managing user permissions.

To create a contained database, the server must be configured to allow contained databases, and the CREATE DATABASE statement must be used with the CONTAINMENT option set to PARTIAL or FULL.


SQL Server architecture and its features play critical roles in database management. By understanding the components of SQL Server databases and the role of system databases, administrators can optimize database performance and troubleshoot issues.

By using Database Snapshots and Contained Databases, database administrators can improve database flexibility and simplify database management while ensuring data integrity and security. By keeping up-to-date with the latest features and trends in SQL Server architecture and database management, administrators can ensure that their systems remain secure, efficient, and cost-effective.

Popular Posts