The structure of secure systems generally consists of three parts: authentication, authorization, and enforcement of rules. Authentication is the process of checking the identity of a principal by examining the credentials and validating those credentials against some authority. Authorization is the process of determining whether a principal is allowed to perform a requested action. Authorization occurs after authentication, and uses information about the principal's identity and roles to determine what resources the principal can access. The enforcement of rules provides the mechanism to block direct access to resources. Blocking access is essential to securing any system. The following figure shows the structure of a secure system:
You will learn how SQL Server implements the logic of a secure system, including:
- Principals
- Securables
- Schemas
- Object permissions
- Statement permissions