Download eBook (PDF) - Red Gate Software

2 – Data Classification and RolesTo begin the assignment of members to our roles we will first want to considerthe inheritance of our sensitivity classes. All users within theSensitive_high role are also able to access the items granted to theSensitive_medium and Sensitive_low roles. All users within theSensitive_medium role also have access to the items granted to theSensitive_low role.Rather than maintaining individual users in all of these roles, we can use thescript in Listing 2-4 to implement this inheritance hierarchy. Please note that inorder to successfully execute this script your login account will need to haveeither membership to the db_owner server role or ALTER permissions to therole.USE HomeLending;GO-- Sensitive_medium role is a member of Sensitive_lowEXEC sp_addrolemember 'Sensitive_low', 'Sensitive_medium';GO-- Sensitive_high role is a member of Sensitive_mediumEXEC sp_addrolemember 'Sensitive_medium', 'Sensitive_high';GOListing 2-4: Implementing the inheritance hierarchy in our sensitivity classes.With this inheritance established, we can now begin to assign the databaseusers to the roles that define their level of access to sensitive data. For oursample database we will assign two database users to each role, as shown inListing 2-5.USE HomeLending;GO-- These users have been determined to have access to lowsensitive dataEXEC sp_addrolemember 'Sensitive_low', 'SMITHJW';GOEXEC sp_addrolemember 'Sensitive_low', 'JONESBF';GO-- These users have been determined to have access to meduimsensitive dataEXEC sp_addrolemember 'Sensitive_medium', 'JOHNSONTE';GOEXEC sp_addrolemember 'Sensitive_medium', 'KELLEYWB';GO46