| A community of more than 1,600,000 database professionals and growing |
| | | Small Changes and Big Impacts I've been doing some work with RLS lately (Row-Level Security). I think this is one of the most useful features added in SQL Server 2016, and I wish it had been available earlier in my career. I've had the need to secure multi-tenant databases, which is a chore. Updates and new functionality constantly brought stress on developers and DBAs that a small mistake would expose one client's data to another. RLS isn't perfect, and while it simplifies the way in which you can apply security to your tables, it does require strong T-SQL understanding and careful thought. While we often can link a user to a customer, we may decide that we also have administrators or super users that need to access all, or many pieces of data. What might seem like a small change, just adding a catch-all clause, might cause problems for performance. This article at MSDN shows the impact, which could be quite large for million (or billion) row tables. I ran across a developer that was testing access and found performance to be much worse. They were querying AD with OR clauses to allow different groups access, and this ended up causing issues. There are a few ways that this could be solved, but everyone should understand that adding in functions to your code requires more processing of data. This processing can dramatically impact your system, just like any other code, if you haven't written efficient operations. That's ultimately the litmus test for most code. Is you code written to work efficiently in your environment and with ever growing data sizes? There are certainly places where a trade off might make sense. If you have a system that will never pass many rows through the FORMAT() function, perhaps that's acceptable. If you can't be sure of the data size and it could be large, then you shouldn't ever be using FORMAT(). There are some great features in SQL Server, many of which can help you write better applications. You just need to use them appropriately and in the places where they will shine. RLS is one of these, but there can be a performance impact if you aren't careful. Ensure that you learn to write better code, picking the patterns that work well. No matter what, also ensure that before you deploy your change, you run a full scale performance test to be sure your clients won't be spending most of their time staring at a screen while some query runs in the background. Steve Jones from SQLServerCentral.comJoin the debate, and respond to today's editorial on the forums |
| | The Voice of the DBA Podcast Listen to the MP3 Audio ( 3.4MB) podcast or subscribe to the feed at iTunes and Libsyn. The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. |
|
|
|
| | ADVERTISEMENT | | | | Database migrations inside Visual Studio Feeling the pain of managing and deploying database changes manually? Redgate ReadyRoll creates SQL migration scripts you can use to version control, build and release, and automate deployments. Try it free |
| | | | Free data protection and privacy livestream Many of you will be aware that the new GDPR legislation comes into effect in May and, in light of this, Redgate recently hosted a livestream that included sessions to help you become best equipped to deal with the challenges GDPR brings to compliant database management. Watch the recording |
|
|
|
| | | | | PremKumar Raju from SQLServerCentral.com In SQL Server 2016 the availability group automatic seeding functionality is implemented. This article will detail the steps to use of SSMS with automatic seeding and its limitations. More » |
| | Additional Articles from Database Journal Once you enable your database to be encrypted with Transparent Data Encryption (TDE), the physical database files, and the database backups are encrypted. If your database and database backup are encrypted, then how can you send the encrypted backup to a person outside your organization? More » |
| | Kenneth Fisher from SQLServerCentral Blogs I’d never seen ORIGINAL_DB_NAME until recently and I thought it would be interesting to highlight it out, and in particular... More » |
| | Bert Wagner from SQLServerCentral Blogs One misconception some people have about SQL injection is that it can only happen when concatenating a user input parameter... More » |
|
|
| | | Today's Question (by Thomas Franz): In my little data warehouse database (only clustered indexes, no columnstore; SQL 2014) I have a table with denormalized order data. For reporting issues I have to aggregate a column (e.g. the number of order positions per order), but have to output some order data too (which are equal for the whole order as the order date / customer). To reach my goal, I could either put all equal data in the GROUP BY section or could group only by the order number and use MIN or MAX on the equal columns. A third method would make use of windowing functions and DISTINCT Which of the following statements would be the fastest (CPU wise; the I/O will be the same as the data / results are equal): SET STATISTICS TIME ON; -- Method 1 SELECT t.order_no, t.order_customer, t.order_date, t.order_city, t.order_address, COUNT(*) AS pos_count FROM dwh.orders AS t GROUP BY t.order_no, t.order_customer, t.order_date, t.order_city, t.order_address; -- Method 2 SELECT t.order_no, MIN(t.order_customer) AS order_customer, MIN(t.order_date) AS order_date, MIN(t.order_city) AS order_city, MIN(t.order_address) AS order_address, COUNT(*) AS pos_count FROM dwh.orders AS t GROUP BY t.order_no; -- Method 3 SELECT DISTINCT t.order_no, t.order_customer, t.order_date, t.order_city, t.order_address, COUNT(*) AS pos_count FROM dwh.orders AS t |
Think you know the answer? Click here, and find out if you are right. We keep track of your score to give you bragging rights against your peers.
This question is worth 3 points in this category: GROUP BY. We'd love to give you credit for your own question and answer.
To submit a QOTD, simply log in to the Contribution Center. |
|
|
| |
| ADVERTISEMENT | Design and configure SQL Server instances and databases in support of high-throughput applications that are mission-critical and provide consistent response times in the face of variations in user numbers and query volumes. Learn to configure SQL Server and design your databases to support a given instance and workload. Pick up your copy of this great book today at Amazon today. |
|
|
|
|
|
| Yesterday's Question of the Day |
| Yesterday's Question (by Steve Jones): I have an Availability Group setup between two instances. If I have a page become corrupt on the primary, it is automatically repaired with a copy from the secondary replica, except if it is one which types of pages?
Answer: File Header Pages, Database boot pages, or allocation pages (GAM, SGAM, PFS). Explanation: Automatic page repair does not repair pages that are file header pages, database boot pages, or allocation pages. Ref: Automatic Page Repair - click here » Discuss this question and answer on the forums |
|
|
| | | | PremKumar Raju from SQLServerCentral.com When a VM is provisioned from the VM template, the server name and host name doesn’t match with each other. In such scenario you may need to change the server name of the database instance. Below script will be handy when then change is performed. This script will change the server name of the SQL server Instance, if the host name doesn't match the server name. DECLARE @HostName NVARCHAR(30), @ServerName NVARCHAR(30) SELECT @HostName=HOST_NAME() SELECT @ServerName=@@SERVERNAME SELECT @HostName AS 'HostName',@ServerName AS 'ServerName' IF @HostName <> @ServerName BEGIN USE [master] EXEC sp_dropserver @server=@ServerName EXEC sp_addserver @server=@HostName,@local='local' SELECT @HostName=HOST_NAME() SELECT @ServerName=@@SERVERNAME SELECT @HostName AS 'HostName',@ServerName AS 'ServerName' END ELSE SELECT @HostName AS 'HostName',@ServerName AS 'ServerName' GO Restart the SQL Server Instance once the above script is executed. More »
|
|
|
| Database Pros Who Need Your Help |
| | Here's a few of the new posts today on the forums. To see more, visit the forums. Query for Multiple DB - I need to execute this query for Multiple DB to check Index and store in a table, below query only... SQL Server 2016 - Instalallation on Vmware - Good afternoon, I have to install SQL Server 2016 on a Virtual Machine 2016. My question is always the same : How partitionning... SQL Server 2016 Standard Edition - help - I need to encrypt my database and I have the standard edition SP1. With the standard edition I cant use... TEMPDB files - Hi, Please suggest to configure tempdb files in SQLserver2016 Enterprise edition. cpu_count is 96. current tempdb files are 24 is it good configuration ? do... SQL Agent Jobs for a DB in AG SQL 2016. - I have a problem that a job configured on the second node of an AG CLuster is failing with errorThe SQL Agent JOb... Delete old backup files - I am wondering if someone can help me out here. We have backups in place but since we don't have... Using Or within a clause with multiple ANDs - I think i need to put my OR in (), but not sure how . . query runs longer than it should.. I want... How many active orders were there at the close of each day - Hello, I have an Orders table with Start DateTimes(when the order was created) and Stop DateTimes. If the Stop DateTime column IS NULL,... Use uniqueidentifier field in place of int - Hi All, I'm trying to populate a temp table. Here is the temp table: CREATE TABLE #SESDMVESEnrollData ( ContractNumber nvarchar(50) not null, ... deadlock vs. locking - Hello, We have a database transaction. During this transaction, the database is locked so that other process can't access the database.... How to write this query? - Hi, I have this dataset: create Linked Server Issue Updating Remote Table - Good Day, I have written a stored procedure that updates our document repository which in turns updates the local server with... Can't start Analysis Services on cluster after restoring system databases - Hi all, Last night we had a suspected network issue which caused all connections to several of our SQL servers to... database diagram - "add related table" greyed out - Hi there With SQL 2008 database diagram - when I right click on my table to add related tables, this option is... Cannot convert between unicode and non-unicode string data types - I am working on an SSIS project, to pull data from Oracle 10.2g into SQL Server 2008R2, 64-bit. This project... Jasper Smith's SSRS Scripter - Anyone happen to have this tool handy? I used in the past to successfully migrate a 2005 SSRS instance to... How to recreate subscriptions on a new server without doing a restore? - Hi all, Is it possible to safely recreate subscriptions (standard & data driven) from one server on another server without doing a... Visual Studio report designer and report parts - Hi all We've been using Report Builder from the SSRS web-page to produce reports and using Report Parts for standard items... What next???? - I have total 5 year exp In Sql, ssrs, ssis, ssas(3 year). I was thinking what to fo for next. Learning new... Add timestamp in a logfile - I am fairly new to ssis and I am in a process of learning it. The 1st task which is... |
|
| This email has been sent to newsletter@newslettercollector.com. To be removed from this list, please click here.
If you have any problems leaving the list, please contact the webmaster@sqlservercentral.com. | This newsletter was sent to you because you signed up at SQLServerCentral.com.
Feel free to forward this to any colleagues that you think might be interested.
If you have received this email from a colleague, you can register to receive it here. | This transmission is ©2018 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
Contact: webmaster@sqlservercentral.com |
|
|
