Download eBook (PDF) - Red Gate Software

3 – Schema Architecture StrategiesDatabase object schemas offer an effective method of protecting sensitive datathrough separation, and can also make permission management less of aheadache to the DBA. To create a database object schema in a database theCREATE SCHEMA method will be executed in SQL Server ManagementStudio. The following is an example of the syntax of this method:CREATE SCHEMA [Schema Name] AUTHORIZATION [SchemaOwner]This method's arguments are:• Schema name: This is the textual reference to the database objectschema.• Authorization: This is the textual reference to the schema owner.This argument is optional. When this argument is not included the usercreating the database object schema is set as the object owner.In the HomeLending database, the only role that we want to allow to modifydatabase objects, or set permissions, in the Income_Schema schema is theDatabase Role of db_owner. Therefore, the statement that was used to createthe Income_Schema schema includes the AUTHORIZATION argument, asshown in Listing 3-2.Use HomeLending;GOCREATE SCHEMA [Income_Schema] AUTHORIZATION [db_owner];GOListing 3-2: Creating the Income_Schema database object schema.Having created the database object schema, we can use the GRANT, DENY andREVOKE statements to manage permissions to that schema, in a similar fashionto the manner in which we've previously used them to manage permissions todatabase objects.An example of the syntax used to grant SELECT, INSERT and UPDATEprivileges to the Sensitive_high Database Role for the Income_Schemadatabase object schema, is shown in Listing 3-3.71