SQL SERVER DBA, Linux and Azure

New security server roles in SQL SERVER 2022

Now the DBA can have peace of mind by giving access to these roles if any user requested for performance or monitoring tools access . 

Now no need of giving SA access to such requests.

Below is 2019 SQL SERVER roles. 


SQL SERVER 2022 SERVER ROLES: 




Fixed server-level roleDescription
##MS_DatabaseConnector##Members of the ##MS_DatabaseConnector## fixed server role can connect to any database without requiring a User-account in the database to connect to.

To deny the CONNECT permission to a specific database, users can create a matching user account for this login in the database and then DENY the CONNECT permission to the database-user. This DENY permission will overrule the GRANT CONNECT permission coming from this role.
##MS_DatabaseManager##Members of the ##MS_DatabaseManager## fixed server role can create and delete databases. A member of the ##MS_DatabaseManager## role that creates a database, becomes the owner of that database, which allows that user to connect to that database as the dbo user. The dbo user has all database permissions in the database. Members of the ##MS_DatabaseManager## role don't necessarily have permission to access databases that they don't own.
##MS_PerformanceDefinitionReader##Members of the ##MS_PerformanceDefinitionReader## fixed server role can read all catalog views that are covered by VIEW ANY PERFORMANCE DEFINITION, and respectively has VIEW PERFORMANCE DEFINITION permission on any database on which the member of this role has a user account. This is a subset of what the ##MS_DefinitionReader## server role has access to.
##MS_SecurityDefinitionReader##Members of the ##MS_SecurityDefinitionReader## fixed server role can read all catalog views that are covered by VIEW ANY SECURITY DEFINITION, and respectively has VIEW SECURITY DEFINITION permission on any database on which the member of this role has a user account. This is a small subset of what the ##MS_DefinitionReader## server role has access to.
##MS_DefinitionReader##Members of the ##MS_DefinitionReader## fixed server role can read all catalog views that are covered by VIEW ANY DEFINITION, and respectively has VIEW DEFINITION permission on any database on which the member of this role has a user account.
##MS_LoginManager##Members of the ##MS_LoginManager## fixed server role can create and delete logins.
##MS_ServerPerformanceStateReader##Members of the ##MS_ServerPerformanceStateReader## fixed server role can read all dynamic management views (DMVs) and functions that are covered by VIEW SERVER PERFORMANCE STATE, and respectively has VIEW DATABASE PERFORMANCE STATE permission on any database on which the member of this role has a user account. This is a subset of what the ##MS_ServerStateReader## server role has access to.
##MS_ServerSecurityStateReader##Members of the ##MS_ServerSecurityStateReader## fixed server role can read all dynamic management views (DMVs) and functions that are covered by VIEW SERVER SECURITY STATE, and respectively has VIEW DATABASE SECURITY STATE permission on any database on which the member of this role has a user account. This is a small subset of what the ##MS_ServerStateReader## server role has access to.
##MS_ServerStateReader##Members of the ##MS_ServerStateReader## fixed server role can read all dynamic management views (DMVs) and functions that are covered by VIEW SERVER STATE, and respectively has VIEW DATABASE STATE permission on any database on which the member of this role has a user account.
##MS_ServerStateManager##Members of the ##MS_ServerStateManager## fixed server role have the same permissions as the ##MS_ServerStateReader## role. Also, it holds the ALTER SERVER STATE permission, which allows access to several management operations, such as: DBCC FREEPROCCACHE, DBCC FREESYSTEMCACHE ('ALL'), DBCC SQLPERF()

Reference Link



SQL DBA Checklist/Activities

 SQL DBA Checklist/Activities

Daily Checklist

1) Backups

2) SQL Server Error Logs

3) SQL Server Agent Jobs

4) HA or DR Logs

5) Shift Handover (New/Pending Tickets)

6) Implementing planned Change Tickets

Weekly Checklist

1) Integrity Checks (DBCC CHECKDB)

2) Index Maintenance

3) Updation of Statistics

4) Cycle SQL Server Error Logs

5) Reporting of Tickets Handled

6) Planning of Change Tickets

7) If any Weekly Meetings, then Prepare MOM (Minutes of Meeting).

8) Attending CAB Meetings and taking approvals for Changes.

Monthly Checklist

1) Backup Validation Test.

2) Capacity Planning: Disk, CPU, and Memory.

3) Plan if any Security Patches or Critical Hotfixes are released.

4) Report on overall Uptime/Downtime

Quarter Checklist

1) DR Test

2) Check who all have SYSADMIN permission and remove unwanted logins having this permission.

3) SOX Audit Standard

Yearly Checklist

1) Licensing Validation (if it is Volume Based Licensing)

2) Service Pack validation and applying newly released SPs.




Getting Database Backup History In SQL Server

--Getting Database Backup History In SQL Server 

SELECT

    bs.database_name,
    bs.backup_start_date,
    bs.backup_finish_date,
    bs.server_name,
    bs.user_name,
    bs.type,
    bm.physical_device_name
FROM msdb.dbo.backupset AS bs
INNER JOIN msdb.dbo.backupmediafamily AS bm on bs.media_set_id = bm.media_set_id

New in SQL Server 2022 – Generate_Series

One of the new language features added in SQL Server 2022 is the GENERATE_SERIES function. This allows you to generate a

SELECT * FROM GENERATE_SERIES(start=1, stop=7)

This gives me a simple sequence of numbers in a result set, with the column header, value.



Change data capture in onprem and Azure sql database

CDC in Azure SQL Databases offers a similar functionality to SQL Server and Azure SQL Managed Instance CDC.

However, on Azure SQL Databases, CDC provides a scheduler which automatically runs the capture and cleanup processes, which are run as SQL Server Agent jobs on SQL Server and on Azure SQL Managed Instance.

Limitations for CDC in Azure SQL Databases  

In Azure SQL Databases, the following tiers within the DTU model are not supported for Change Data Capture: Basic, Standard (S0, S1, S2). If you want to downgrade a Change Data Capture-enabled database to an unsupported tier, you must first disable Change Data Capture on the database and then downgrade. 

Running point-in-time-restore (PITR) on an Azure SQL Database that has Change Data Capture enabled will not preserve the Change Data Capture artifacts (e.g. system tables). After PITR, those artifacts will not be available. 

If you create an Azure SQL Database as an AAD user and enable Change Data Capture on it, a SQL user (e.g. even sys admin role) will not be able to disable/make changes to Change Data Capture artifacts. However, another AAD user will be able to enable/disable Change Data Capture on the same database.