VIEW SERVER STATE Permission

This is high level server-level privilege which must not be granted to everybody. Only administrators must have privilege to use view server state permission but we can assign this permission to some users who want to see server level state of your SQL Server instance. Once you will grant this access to any login, he can see result of all DMVs.

Solution – ( Microsoft SQL Server, Error 300 )

We got SQL Server error 300 ( VIEW SERVER STATE permission was denied ) because the login you are using to execute the script doesn’t have this permission. To fix this issue we will grant view server state permission to the login name. This section will explain how to grant view server state permission to a login.

Grant VIEW SERVER STATE Permission

We can assign this permission either using GUI in SQL Server Management Studio or we can simply execute a T-SQL command to get this done. I will explain both ways to assign this permission.

Using GUI in SQL Server Management Studio

Follow below steps to do it using GUI.

1. Launch SQL Server Management Studio.
2. Connect to the SQL Server Instance.
3. Navigate to Security folder then expand Logins
4. Right Click at your login name and choose Properties
5. Click at Securables tab from left side pane.
6. In the bottom pane, scroll to the bottom and click at Grant option for View Server State value.
7. Now click on apply to close the window. You can now ask your user to test the script again. This time it will work.

Using T-SQL statement in SQL Server Management Studio

1. Launch SQL Server Management Studio. Connect to the SQL Server Instance.
2. Open New Query window
3. Run below T-SQL statement

USE master
GO
GRANT VIEW SERVER STATE TO "LoginName"

Once you execute above command, you will have view server state permission on your login name. You can resolve SQL Server error 300 VIEW SERVER STATE permission was denied on object ‘server’, database ‘master issue by following above steps given in this article.

Revoke VIEW SERVER STATE Permission

If you have identified anyone who must not have this permission then you can go ahead and revoke his access post getting proper approvals. Make sure that identified login does not have any business justification before revoking his access. Once you have decided to go ahead to remove view server state permission then you should run below T-SQL statement to get this done. Below steps will tell you how to revoke view server state permission of any login.

USE master

REVOKE VIEW SERVER STATE TO “LoginName”

GO

View SERVER STATE permission has been revoked for identified login post successful execution of above statement.

I hope you like this article. Please follow our facebook page and Twitter handle to get latest updates.

Read More:

• SQL Server AlwaysON Interview Questions & Answers
• SQL Server DBA Interview Questions & Answers
• Understanding Enhanced Database Failover in Always on Availability Group
• SQL Server Replication Interview Questions & Answers

The post Fix:VIEW SERVER STATE permission was denied on object ‘server’, database ‘master’ appeared first on Techyaz.com.

Error: 18452, Severity: 14, State: 1.
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

You can see the screenshot of the error 18452 in below image.

Error 18452 – Root Cause

Reason behind error 18452 is because of wrong security authentication mode configuration. SQL Server is set to accept only windows logins to connect to database instance.

As we know SQL Server uses two authentication modes to accept database connections. One is Windows Authentication mode and another one is SQL Server and Windows Authentication mode. We also call it Mixed Authentication mode.

Sometimes, SQL Server authentication mode is set to SQL Server and Windows Authentication mode to accept SQL as well as windows connections but still you will face this issue. That might be because you try to connect to a server that has Always on Availability Group configuration or database mirroring configuration.

Suppose you have AOAG configuration and you are connecting to database using primary replica name not listener name using a login for which default database is set as availability database. If failover got happen during your activity or you are connecting to secondary replica using a login for which default database is set as availability database then also you will get this error 18452 along with some SSPI context error that I have given below.

Error: 17806, Severity: 20, State: 14.
SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. The logon attempt failed 

SSPI handshake errors comes because of Kerberos failure, which would most likely be related to non-existent SPN or bad SPN for SQL Server.

Solution

To fix this issue first we need to check the authentication mode set for your SQL Server Instance. If your SQL Server instance is running with windows authentication mode then you must change it to Mixed mode so that windows and SQL both type of logins can be authenticated.

To check the configured authentication mode for your SQL Server Instance, we need to launch SQL Server Instance property window. Right click at the instance node and click at the properties option as shown in below screenshot.

Once you will click at Properties option, you will be getting below SQL Server instance property window. Click at Security option from left side pane. You can see current Server Authentication configuration is set to Windows Authentication mode in below screenshot.

Now we will change it to SQL Server and Windows Authentication mode. Select the radio button for SQL Server and Windows Authentication mode option and click ok button to proceed. You can see that I have selected above mode to apply the changes.

Restart SQL Server services to apply the changes.

If your SQL Server Instance is already set with SQL Server and Windows Authentication mode then you should fix this issue in separate way. As I described above that one of the probable reason to get this error 18452 is because you might use AOAG replica server name to connect to the database with the login for which default database is set as the AOAG availability database.

If failover will happen then you would not be able to access the database because it will become secondary. Error 18452 will be generated along with SSPI handshake errors because same database is set as default database for your login that has become inaccessible now because of acting secondary database in AOAG. Failover will not happen for you because you are using replica server name to make database connection.

Possible solution to fix this issue is failback the AOAG to your earlier primary replica or you should use AOAG Listener name to make database connection. Also, to avoid this error during failover you should set default database for your login to master rather than availability database.

I hope you like this article. Please follow our Facebook page and Twitter handle to get latest updates.

Read More:

• Fix Error 18456: Login failed for user “User_Name”
• Fix Error 4064: Cannot open user default database. Login failed
• Error 53: Could not open a connection on SQL Server
• AOAG Listener Error 19471: The handle is Invalid

The post Fix Error 18452: Login failed. The login is from an untrusted domain appeared first on Techyaz.com.

Compliance Program provided by Cloud Services Providers

Cloud Service providers ensure robust controls to secure their infrastructure, to protect client data. As virtual systems build over the cloud Infrastructure need also to be secured and it comes with shared responsibility and compliance. Cloud Data center environment comes with audit friendly features and standards to ensure client satisfaction about their data security. The IT infrastructure that CSP provides to its customers is designed and managed in orientation with security best practices and a variety of IT security standards due to economies of scale, including but not limited to the following:

AWS (Amazon) Security Certifications /Accreditation 

• Cloud Computing Compliance Controls Catalogue (C5)
• FedRAMP Partner Package
• Global Financial Services Regulatory Principles IRAP Package
• ISO 27001:2013 Certification and Statement of Applicability (SoA)
• ISO 27017:2015 Certification and Statement of Applicability (SoA)
• ISO 27018:2014 Certification and Statement of Applicability (SoA)
• ISO 9001:2015 Certification
• MAS TRM Guidelines Workbook
• PCI DSS Attestation of Compliance (AOC) and Responsibility Summary
• PSN Connection Compliance Certificate (CoCo)
• PSN Service Provision Compliance Certificate
• Quality Management System Overview
• Service Organization Controls (SOC) 1 Report
• Service Organization Controls (SOC) 2 Report
• Service Organization Controls (SOC) 3 Report
• SOC Continued Operations

 Microsoft Azure Security and Compliance Certifications / Accreditation 

• ISO 27001, FedRAMP, SOC 1 and SOC 2.
• The Content Delivery and Security Association (CDSA)
• Criminal Justice Information Services (CJIS)
• The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) CSACCM
• EU Model Clause
• FDA 21 CFR Part 11(The US Food and Drug Administration (FDA) Code of Federal
• Regulations (CFR) Title 21 Part 11)
• FedRAMP(Federal Risk and Authorization Management Program (FedRAMP)
• The Family Educational Rights and Privacy Act (FERPA)
• FIPS 140-2. Federal Information Processing Standard (FIPS) Publication 140-2
• The Health Insurance Portability and Accountability Act (HIPAA)
• IRAP (Australian Government Information Security Registered Assessors Program)
• ISO/IEC 27001/27002:2013
• Multi-Level Protection Scheme (MLPS) is based on the Chinese state standard issued by the Ministry of Public Security
• Multi-Tier Cloud Security Standard for Singapore (MTCS SS),
• Payment Card Industry (PCI) Data Security Standards (DSS) version 3.0
• TCS CCCPPF Trusted Cloud Service certification developed by the China Cloud Computing Promotion and Policy Forum (CCCPPF)
• UK G-Cloud. 

Google Security and Compliance Certifications / Accreditation

• SSAE16 / ISAE 3402 Type II:
• SOC 1
• SOC 2
• SOC 3 public audit report
• ISO 27017, Cloud Security
• ISO 27018, Cloud Privacy
• FedRAMP ATO for Google App Engine
• PCI DSS v3.2
• HIPAA
• CSA STAR
• MTCS Tier 3 Certification (Singapore)
• Google Cloud Platform and the EU Data Protection Directive 

IBM Security and Compliance Certifications / Accreditation

• FedRAMP
• FISMA
• FFIEC
• SOC Reports
• ISO 27001
• ISO 27017
• ISO 27018
• Cloud Security Alliance
• PCI Compliance
• HIPAA
• HITRUST Assessment
• GSMA (DAL09, PAR01)
• CJIS Standards
• EU Model Clauses
• Privacy Shield
• IBM ISO Management System Certifications

Related Read:

• What is Cloud Computing?
• Understanding Cloud Security & Data Protection in Cloud

I hope you like this article. Please follow our Facebook page and Twitter handle to get latest updates.

Reference Links: Azure , AWS  ,Google ,IBM

The post Top 5 Cloud Service Provider Accreditations and Third-Party Auditor Reports appeared first on Techyaz.com.