1
00:00:00,330 --> 00:00:01,990
Hello, dear friends.

2
00:00:02,730 --> 00:00:09,180
So in this section, we're going to learn about user management, how to create log ins, and we're

3
00:00:09,180 --> 00:00:11,190
also going to learn how to create users.

4
00:00:13,040 --> 00:00:15,590
And how to create and manage roles.

5
00:00:17,160 --> 00:00:19,920
So why don't we get started and we'll start with Longines?

6
00:00:21,490 --> 00:00:27,880
So, again, you know, it's an identity used to connect to a SQL Server instance.

7
00:00:29,110 --> 00:00:35,500
So the Create Logan statement will create an identity used to connect to ask you, well, server instance.

8
00:00:37,020 --> 00:00:43,740
So what happens is Log-in is a map to a database user, so before creating a user Enescu all server,

9
00:00:44,010 --> 00:00:46,050
you really must first create a login.

10
00:00:48,150 --> 00:00:56,670
Now, each server log in is assigned one or more server roles that enable it to perform specific actions

11
00:00:56,670 --> 00:00:57,750
on the instance.

12
00:00:58,810 --> 00:01:06,400
So by default, server logins are assigned the public server role, which means gives basic access to

13
00:01:06,400 --> 00:01:07,060
the instant.

14
00:01:08,050 --> 00:01:16,300
But there are a few other available roles, and they include bulk admin, security admin, DB creator

15
00:01:16,300 --> 00:01:18,010
and server admin.

16
00:01:18,960 --> 00:01:22,590
And we're going to learn how to use some of those a little bit later.

17
00:01:23,660 --> 00:01:28,910
So in this long in part, we will learn all about the Windows authentication and ask you, will server

18
00:01:28,910 --> 00:01:29,750
authentication?

19
00:01:31,630 --> 00:01:32,710
Windows credentialled.

20
00:01:34,060 --> 00:01:39,640
So long and based on Windows credentials, allow users to log in to ask you all server using a Windows

21
00:01:39,640 --> 00:01:40,750
username and password.

22
00:01:42,400 --> 00:01:44,380
What about SQL Server authentication?

23
00:01:45,990 --> 00:01:51,300
So I ask you, well, server authentication works by storing usernames and passwords on the database

24
00:01:51,300 --> 00:01:51,690
server.

25
00:01:53,160 --> 00:01:57,600
So how can we create escarole server authentication with a query?

26
00:01:57,960 --> 00:01:58,470
Mm hmm.

27
00:01:59,640 --> 00:02:05,640
Now, as you may remember from some of the previous sections, there are many processes that are done

28
00:02:05,640 --> 00:02:06,960
in a couple of different ways.

29
00:02:07,560 --> 00:02:14,040
The first way is with SSME GraphicLy and the second way is with a query.

30
00:02:15,410 --> 00:02:19,190
And we're going to learn how to create a log in in both of these ways.

31
00:02:19,850 --> 00:02:23,390
So let's jump in at SSME and create a log in GraphicLy.

32
00:02:24,950 --> 00:02:31,520
So logins are located under the security folder and a security folder is a server level folder, which

33
00:02:31,520 --> 00:02:33,650
is one of the parent folders in the instance.

34
00:02:34,810 --> 00:02:39,850
And if we expand this folder, all the log ins that have been created before are listed right here.

35
00:02:41,170 --> 00:02:46,030
As a log, an account is coming up with the setup of escarole server.

36
00:02:46,070 --> 00:02:53,110
So now it's disabled and we can see the user Irini that I have connected to ask you all server with.

37
00:02:54,950 --> 00:03:00,590
Now to create a new log in just where I click on the security folder and choose the new log in option.

38
00:03:02,090 --> 00:03:03,650
New log in, painful up.

39
00:03:04,690 --> 00:03:09,910
Now, all the settings of the log in can be seen right here and set on this pane.

40
00:03:12,480 --> 00:03:15,960
The name of our log in will be test underscore, log in.

41
00:03:17,630 --> 00:03:23,510
Now, right away, there are two options for Log-in, Windows Authentication and Escorial server authentication.

42
00:03:24,200 --> 00:03:28,760
If we use a Windows authentication, we don't need to specify username and password because the login

43
00:03:28,760 --> 00:03:31,400
will use the Windows username and password with this option.

44
00:03:32,490 --> 00:03:35,730
But we want to create a login with Escorial server authentication.

45
00:03:37,410 --> 00:03:45,660
So this is the option that we need to specify with a password and we can enforce the log in with password

46
00:03:45,660 --> 00:03:47,400
policy with at least a letter.

47
00:03:48,310 --> 00:03:57,010
And we can enforce password expiration or we can enforce the user to change the password at the very

48
00:03:57,010 --> 00:03:57,730
first login.

49
00:04:00,110 --> 00:04:03,710
Now, we can also assign any role to the log in.

50
00:04:06,440 --> 00:04:11,450
Bulk admin, which is any member that can run the bulk insert command.

51
00:04:12,560 --> 00:04:13,460
DB creator.

52
00:04:14,470 --> 00:04:19,510
That allows any member to create, alter, drop and restore database's.

53
00:04:21,460 --> 00:04:29,380
Desk admin will allow the member to manage Ezekial server disk files, process admin.

54
00:04:30,850 --> 00:04:36,130
We'll give any member permission to kill process is running on escarole server.

55
00:04:37,130 --> 00:04:41,600
And the public role sets the basic default permissions for all users.

56
00:04:42,810 --> 00:04:51,090
Security admin means that any member can manage the server security server admin gives any member of

57
00:04:51,090 --> 00:04:54,660
this role to set configuration options on the server.

58
00:04:55,610 --> 00:04:56,510
Set up Edman.

59
00:04:57,420 --> 00:05:02,820
And remember, with this role can manage linked servers and ask you all servers, startup options and

60
00:05:02,820 --> 00:05:10,440
tasks, and of course, we have sysadmin, so any member with this role can perform any action on the

61
00:05:10,440 --> 00:05:10,830
server.

62
00:05:12,370 --> 00:05:16,270
So now we can choose the databases for the login with users mapping.

63
00:05:17,870 --> 00:05:19,880
And now login permissions can be defined.

64
00:05:21,010 --> 00:05:25,240
The status of the log in can be set to disable or enable.

65
00:05:26,330 --> 00:05:28,910
We can click, OK, and that will create the longest.

66
00:05:30,700 --> 00:05:32,530
All right, so here is our test log in.

67
00:05:34,450 --> 00:05:37,750
We can also create a log in by query.

68
00:05:41,100 --> 00:05:47,250
So create Log-in, new login with password equals just one, two, three, four or five, six.

69
00:05:48,120 --> 00:05:53,850
Now, I kind of say that as a joke, but make sure to define a strong password if you're going to give

70
00:05:53,850 --> 00:05:56,730
sysadmin or server admin roles.

71
00:05:57,710 --> 00:05:59,840
Execute the query to create the log in.

72
00:06:02,700 --> 00:06:04,020
And refresh the folder.

73
00:06:06,140 --> 00:06:07,880
And here is our new log in.

74
00:06:09,530 --> 00:06:10,760
Well done so.

75
00:06:11,850 --> 00:06:17,340
And it's possible to rename a login so we can do this in a couple of different ways, graphically and

76
00:06:17,340 --> 00:06:17,940
by query.

77
00:06:19,260 --> 00:06:22,440
The altar log in command is used to change the name of the log in.

78
00:06:23,500 --> 00:06:29,980
So we can alter login and the name of the login that we want to change its name to, and we will change

79
00:06:29,980 --> 00:06:37,750
the name of the new login with a name phrase that should be used, and then finally, we will be able

80
00:06:37,750 --> 00:06:42,820
to type the new name of the log in and let's call it new log in to.

81
00:06:43,930 --> 00:06:45,310
Now, let's execute the query.

82
00:06:46,750 --> 00:06:50,620
And I don't see an error, and here is the new log in to.

83
00:06:52,850 --> 00:07:01,220
So we can also rename a login with just by right, clicking on the login, so then choose rename as

84
00:07:01,220 --> 00:07:06,290
the option from the list and typed a new name and just press enter to accept.

85
00:07:06,800 --> 00:07:07,790
And here it is.

86
00:07:11,170 --> 00:07:14,380
Now we can change the password of login with the password parameter.

87
00:07:16,530 --> 00:07:19,620
So we want to change or alter the password of the new login.

88
00:07:20,890 --> 00:07:25,630
So we should use the password parameter and we should specify the new password.

89
00:07:29,160 --> 00:07:32,130
And the password will change when we execute the query.

90
00:07:35,400 --> 00:07:39,240
We can also change a password from a login properties Pop-Up window.

91
00:07:40,360 --> 00:07:42,990
Specify a new password and click, OK?

92
00:07:44,310 --> 00:07:45,840
And there you have it.

93
00:07:46,020 --> 00:07:46,580
That's it.

94
00:07:48,270 --> 00:07:49,110
Drop log in.

95
00:07:50,790 --> 00:07:56,610
So what about when you have to drop a log in, as you know, we have used the drop command to delete

96
00:07:56,610 --> 00:07:58,380
any object in escarole server.

97
00:08:00,020 --> 00:08:03,710
So here we will define the name of the log in that we want to drop.

98
00:08:04,590 --> 00:08:07,860
And we will drop new log in for the Log-in.

99
00:08:09,340 --> 00:08:12,580
And if we execute the query, this whole organ will be dropped.

100
00:08:14,040 --> 00:08:20,850
And we can also drop Log-in from Object Explorer with just a right click on the login that we want to

101
00:08:20,850 --> 00:08:23,880
drop and then delete and OK.

102
00:08:26,540 --> 00:08:29,570
And Leslie, let's enable the TSA log in to count.

103
00:08:30,670 --> 00:08:36,040
So from the properties window, we will see the enable and disable settings under the status page.

104
00:08:37,110 --> 00:08:39,120
Just choose, enable and save.

105
00:08:40,250 --> 00:08:40,930
And that's it.