SQL Census is a prototype application designed to help users navigate SQL Server permissions. We launched it in April 2017 to address the growing need for DBAs and other IT professionals to see who can do what in their data estate. It’s a tedious task to find out who has access to databases and at what level.
SQL Server permissions are complex, reporting is difficult, and it’s hard to keep up with constant changes. SQL Census was designed to simplify and automate the task of understanding who has database access, what capabilities they have, and how they inherited these capabilities. It offers users a simpler way of:
- Assessing and reporting on user permissions
- Returning their system to a healthy state
- Restricting access to databases
- Preparing for a security audit
- Preparing for and maintaining a GDPR-compliant system
SQL Census does this by giving users a comprehensive visualisation of individuals’ capabilities in their estate, and by offering the option to drill down into the details and see how they got these capabilities. Based on this information, users can repair and monitor permissions in their data estate, and reconcile them with best practice.
What we’ve been doing
Since SQL Census was launched we’ve spoken to a number of users who have helped us iterate on those existing capabilities. We learned that the app is helping them in different ways, but we’d like it to go even further. The next phase of SQL Census is about increasing its value to users and making it the best it can be.
Our users have told us that they want more help with fixing permissions according to best practice, so this is where we’d like to focus our development effort. The future we envision for SQL Census is one where the application will help you restore your permissions to a healthy state, and maintain a good practice of giving permissions. To deliver this functionality, we are introducing changes to the authentication and pricing of SQL Census.
Authentication and Pricing changes
Where users previously logged in to the application with their Redgate ID, the next release of SQL Census will require you to log in via a Microsoft or GitHub account. We’re also planning to add other login providers in the future.
Once we’ve implemented the authentication changes, and to give Census the development resources it needs, we’ll transition it to a paid-for service. For this subsequent release, a subscription to SQL Census will be required, charged at an introductory price of $19 a month. Existing users will automatically be moved to a 14-day trial period from the point at which they next log in, at the end of which they’ll have the option to buy a subscription. New users can sign up for a trial or subscribe directly. We will give guidance and support to users throughout their trial to help them get the most out of Census, and we will use any feedback we get in our ongoing effort to improve the app.
During our research we learned that there are various triggers for the desire to check SQL Server permissions. We’ve identified three areas for which insight into user access to databases is essential:
- When satisfying the need of an audit
- For the day to day management of user permissions
- To make systems more secure
These are not entirely separate, but they diverge to some degree, and we’re in the process of determining which area to focus our development efforts on. Each of them involves tasks that SQL Census can help with and features that we’re thinking about adding. For example:
- To help with an audit, SQL Census could alert users when changes are made to permissions and also support other RDBMS.
- To help with day-to-day management of user permissions, SQL Census could allow users to trace access down to object level, enable users to compare permissions, and provide roll-back scripts in case a permissions reduction needs to be reversed.
- To make systems more secure, SQL Census would offer query tracking to make recommendations on lowering permissions and allow the changing of permissions from within the app.
This is not an exhaustive list, but it shows the possible directions in which we could start working next. If you feel strongly about a particular area or functionality, please mention it in the comment section.
We’d like to work on the next features in collaboration with you, so if you’re interested in giving feedback, or if you’d like to talk to us about the changes in SQL Census, please get in touch at firstname.lastname@example.org.
You can also try SQL Census for free today. Getting started is simple: just download the app to begin your 14-day free trial.
You can read more about SQL Census – and find out what’s coming next – in our previous blog posts:
- Using SQL Census to audit SQL Server permissions
- SQL Census update: new server view
- Reducing risk with Smart Recommendations in SQL Census