Download eBook (PDF) - Red Gate Software

2 – Data Classification and RolesData Definition PermissionsIn addition to the ANSI-92 permissions there are privileges that can be grantedthat extend the user's functionality within the database schema. A fewexamples of these privileges are as follows:• Create new objects (CREATE permissions).• Modify existing objects (ALTER permissions).• Take ownership of existing objects and maintain permissions toobjects. (TAKE OWNERSHIP and CONTROL permissions).• View the definitions of the database objects (VIEW DEFINITIONpermissions).Listing 2-6 shows an example granting the permissions to theSensitive_high database role to CREATE tables and VIEW DEFINITIONof objects in the HomeLending database.USE HomeLending;GOGRANT CREATE TABLE, VIEW DEFINITION TO Sensitive_high;GOListing 2-6: Granting CREATE TABLE and VIEW DEFINITION permissions tothe Sensitive_high database role.These permissions are granted, denied or revoked in the same manner asdescribed for the ANSI-92 permissions.Evaluating Data for ClassificationIt is at this step in the process that our understanding of our sensitive dataconverges with the definition of the sensitivity classes that were defined earlierin this chapter. We are ready to evaluate the data elements in our database andbegin assigning them to our sensitivity classes.The first step is to obtain documentation of all of the fields that are within thedatabase. If captured in a spreadsheet, this overview of each field can provide aconvenient way to manage the evaluation and documentation process.Manually opening each table in SQL Server Management Studio and recordingthe column information is a mind-numbing, and thankfully unnecessary,experience. There are many excellent third-party tools that can provide50