{"id":6220,"date":"2021-05-28T17:36:32","date_gmt":"2021-05-28T22:36:32","guid":{"rendered":"http:\/\/andreas-wolter.com\/?p=6220"},"modified":"2025-07-28T17:42:55","modified_gmt":"2025-07-28T22:42:55","slug":"202105_security-separation-of-privilege","status":"publish","type":"post","link":"https:\/\/andreas-wolter.com\/en\/202105_security-separation-of-privilege\/","title":{"rendered":"Security: Separation of Privilege"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-10xd00s-fbd45ff40653f644789c24b2a623d57f\">\n.flex_column.av-10xd00s-fbd45ff40653f644789c24b2a623d57f{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  class='flex_column av-10xd00s-fbd45ff40653f644789c24b2a623d57f av_one_full  avia-builder-el-0  el_before_av_one_full  avia-builder-el-first  first flex_column_div av-zero-column-padding  '     ><section  class='av_textblock_section av-1087fpo-4d58689ca7d375b35d74d403e34c7ef4 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h3>Security principle: Separation of Privilege<\/h3>\n<p><em>(part 4 of my series of articles on\u00a0<\/em><a href=\"https:\/\/andreas-wolter.com\/en\/202109_introduction-into-security-principles-in-the-context-of-database-systems\/\"><em>security principles in Microsoft SQL Servers &#038; Databases<\/em><\/a><em>)<\/em><\/p>\n<\/div><\/section>\n<section  class='av_textblock_section av-y824mk-8f71673e2409d25a2a6808cb12dd2a59 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>The Principle of Separation of Privilege, aka Privilege separation <u>demands that a given single control component is not sufficient to complete a task<\/u>. 
A different, more generic description is that <u>multiple conditions need to be met in order to gain access to a given process or object<\/u>. A control could be a permission, for example.<br \/>\nPrivilege separation is sometimes (but not necessarily) implemented with a form of <strong>dual control<\/strong> and requires a certain level of compartmentalization of a process or program to facilitate multiple access checks.<\/p>\n<p>This approach, together with the <a href=\"https:\/\/andreas-wolter.com\/en\/202102_principle-of-least-privilege-polp\/\">Principle of Least Privilege<\/a>, reduces the blast radius of a successful attack and also significantly reduces the opportunities for a successful attack in the first place.<\/p>\n<ul>\n<li>Folks with an affinity for history may like to use \u201c<a href=\"https:\/\/en.wikipedia.org\/wiki\/Divide_and_rule\" target=\"_blank\" rel=\"noopener\">Divide and conquer<\/a>\u201d or, even more original, \u201cdivide et impera\u201d as a memory hook \ud83d\ude42.<\/li>\n<\/ul>\n<p>Incidentally, OpenSSH has a security option called <em>UsePrivilegeSeparation<\/em> (<a href=\"https:\/\/linux.die.net\/man\/5\/sshd_config\" target=\"_blank\" rel=\"noopener\">https:\/\/linux.die.net\/man\/5\/sshd_config<\/a>), turned on by default, which has the effect that an unprivileged child process without root privileges deals with incoming network traffic. However, this is more a case of classical PoLP and Privilege bracketing, as discussed here (<a href=\"https:\/\/andreas-wolter.com\/en\/202102_principle-of-least-privilege-polp\/\">The Principle of Least Privilege (POLP)<\/a>) and here (<a href=\"https:\/\/andreas-wolter.com\/en\/delegation-of-authority\/\">Delegation of Authority<\/a>). As you can see, it's easy to get confused when doing research. And I am not saying that is wrong. 
What matters is that you know what you want to reach and why.<\/p>\n<p>More classical examples would be scenarios where 2 keys are required like certain types of safes. They may or may not be held by different people.<\/p>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-wrc70c-c376aff0d4f20980c3013b265a308e42\">\n.avia-image-container.av-wrc70c-c376aff0d4f20980c3013b265a308e42 img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-wrc70c-c376aff0d4f20980c3013b265a308e42 .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-wrc70c-c376aff0d4f20980c3013b265a308e42 av-styling- avia-align-center  avia-builder-el-3  el_after_av_textblock  avia-builder-el-last '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-6231 avia-img-lazy-loading-not-6231 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_Safe2Locks1Person-300x168.jpg\" alt='' title='202105_Safe2Locks1Person'  height=\"168\" width=\"300\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_Safe2Locks1Person-300x168.jpg 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_Safe2Locks1Person-600x336.jpg 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_Safe2Locks1Person-768x430.jpg 768w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_Safe2Locks1Person-705x395.jpg 705w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_Safe2Locks1Person-450x252.jpg 450w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_Safe2Locks1Person.jpg 800w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/div><\/div><\/div><\/div>\n<style type=\"text\/css\" 
data-created_by=\"avia_inline_auto\" id=\"style-css-av-u03g6k-dfa9b2174f64dba133c2b1dbd24a5d31\">\n.flex_column.av-u03g6k-dfa9b2174f64dba133c2b1dbd24a5d31{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  class='flex_column av-u03g6k-dfa9b2174f64dba133c2b1dbd24a5d31 av_one_full  avia-builder-el-4  el_after_av_one_full  el_before_av_one_full  first flex_column_div av-zero-column-padding  column-top-margin'     ><section  class='av_textblock_section av-spgcng-445d47dda5a41ca0daf0ccc6dfdda47c '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>If we look at the authentication process, Azure AD Multifactor authentication (MFA) could be considered an example of multiple controls involved: Even if an attacker gains knowledge of the password, he would still need to gain access to an additional piece, like the (unlocked) phone.<\/p>\n<p style=\"text-align: left; padding-left: 40px;\"><em>Note on Separation of Privilege <\/em>vs <em>Separation of Duties<\/em><br \/>\nAs some will notice, there is a great overlap with <em>Separation of Duties (SoD)<\/em>: Depending on the exact implementation, <em>Privilege Separation<\/em> can directly enable <em>SoD<\/em>.<br \/>\nFor example, the same way \u201cDual control\u201d-mechanisms can be used to implement Privilege Separation, such a mechanism can also be used to implement <em>SoD<\/em>.<\/p>\n<p style=\"padding-left: 40px;\">Depending on which sources you consult (I will even include such in the references below), you may read that Separation of Privileges is equivalent to SoD. But I find it important to distinguish and keep in mind the fine line between those two principles. And that is that <em>Separation of Duties <\/em>requires <u>separate persona<\/u>.<\/p>\n<p style=\"padding-left: 40px;\">This is why in my view dual control does not necessarily solve <em>Separation of Duties<\/em>. 
Dual control can be implemented using 2 devices to achieve <u>privilege<\/u> separation, but that does not necessarily give you SoD.<br \/>\nTip: Therefore, if you want to express the SoD requirement that different persona must be involved, using the terms \u201cTwo-person control\u201d or \u201c4 eyes principle\u201d is less prone to confusion than the more generic term \u201cdual control\u201d.<\/p>\n<\/div><\/section>\n<section  class='av_textblock_section av-rqkzr0-de285dc048a144efa65a58d2b208efc0 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h4>Separation of Privilege in the SQL realm<\/h4>\n<p>In SQL Server, privilege separation is not commonly built in by design, but there are some examples that perfectly fit the criteria.<\/p>\n<h5>Example 1, Object-creation<\/h5>\n<p>One example is that to create tables, a User needs to have at least both the ALTER-Permission on the schema and the CREATE TABLE-Permission on the database. 
Other than that, this is a rare case within the SQL engine.<\/p>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-qfke3w-ddc5af9ed0c68c44dc1ae608f3499d82\">\n.avia-image-container.av-qfke3w-ddc5af9ed0c68c44dc1ae608f3499d82 img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-qfke3w-ddc5af9ed0c68c44dc1ae608f3499d82 .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-qfke3w-ddc5af9ed0c68c44dc1ae608f3499d82 av-styling- avia-align-center  avia-builder-el-7  el_after_av_textblock  avia-builder-el-last '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-6225 avia-img-lazy-loading-not-6225 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2PermissionsToCreateObjects-300x96.jpg\" alt='' title='202105_2PermissionsToCreateObjects'  height=\"96\" width=\"300\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2PermissionsToCreateObjects-300x96.jpg 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2PermissionsToCreateObjects-600x192.jpg 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2PermissionsToCreateObjects-768x245.jpg 768w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2PermissionsToCreateObjects-1030x329.jpg 1030w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2PermissionsToCreateObjects-705x225.jpg 705w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2PermissionsToCreateObjects-450x144.jpg 450w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2PermissionsToCreateObjects.jpg 1475w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/div><\/div><\/div><\/div>\n<style 
type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-nhug7w-adb89f978f567d39ac0d49f14caee45f\">\n.flex_column.av-nhug7w-adb89f978f567d39ac0d49f14caee45f{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  class='flex_column av-nhug7w-adb89f978f567d39ac0d49f14caee45f av_one_full  avia-builder-el-8  el_after_av_one_full  el_before_av_one_full  first flex_column_div av-zero-column-padding  column-top-margin'     ><section  class='av_textblock_section av-mub6oc-7a5dc6e2079322eecbb4edf4919266d8 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h5>Example 2, querying across objects<\/h5>\n<p>There is another way one can implement privilege separation in SQL Server and Azure SQL: normally, when multiple objects are accessed within one query, the SQL Server engine honors the so-called \u201cownership-chain\u201d. This is a concept unique to SQL Server and has the effect that so long as any referenced object within a query is owned by the same principal as the first one in the chain, no further permission checks occur. This means a single SELECT (or INSERT-, UPDATE-, DELETE) -permission is required to access, for example, a View \u201cAggregatedSales\u201d if that view accesses a table \u201cOrders\u201d and the view and the table have the same owner. It is not required to grant SELECT on the table if the intention is to solely grant access to the accumulated data from the view. This is a built-in behavior.<\/p>\n<p>However, one can intentionally break this ownership-chain and change the owner of the table or the view (for example, by placing them into different schemas and with different schema-owners, a recommended practice over changing owners at object-level), which then would require the calling user to have the SELECT-permissions on both the view and the table to use the view. 
In other words, the user would need two permissions. So, there you have another scenario that is technically privilege separation, as one permission alone is no longer sufficient to access the view. But to be fair, this applies only to accessing the view: to query the table alone, one still only requires one SELECT-permission.<\/p>\n<p>This is how this looks in code:<\/p>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-l3wbbw-4b78ec5f7d68cb78d2f121d99295f3df\">\n.avia-image-container.av-l3wbbw-4b78ec5f7d68cb78d2f121d99295f3df img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-l3wbbw-4b78ec5f7d68cb78d2f121d99295f3df .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-l3wbbw-4b78ec5f7d68cb78d2f121d99295f3df av-styling- avia-align-center  avia-builder-el-10  el_after_av_textblock  avia-builder-el-last '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-6221 avia-img-lazy-loading-not-6221 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_1BrokenOwnershipChain-1030x895.jpg\" alt='' title='202105_1BrokenOwnershipChain'  height=\"895\" width=\"1030\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_1BrokenOwnershipChain-1030x895.jpg 1030w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_1BrokenOwnershipChain-600x521.jpg 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_1BrokenOwnershipChain-300x261.jpg 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_1BrokenOwnershipChain-768x667.jpg 768w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_1BrokenOwnershipChain-1500x1303.jpg 1500w, 
https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_1BrokenOwnershipChain-705x612.jpg 705w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_1BrokenOwnershipChain-450x391.jpg 450w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_1BrokenOwnershipChain.jpg 1859w\" sizes=\"(max-width: 1030px) 100vw, 1030px\" \/><\/div><\/div><\/div><\/div>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-jh9z3w-54aac05dee0d259ff55fecbd4a6514b4\">\n.flex_column.av-jh9z3w-54aac05dee0d259ff55fecbd4a6514b4{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  class='flex_column av-jh9z3w-54aac05dee0d259ff55fecbd4a6514b4 av_one_full  avia-builder-el-11  el_after_av_one_full  el_before_av_one_full  first flex_column_div av-zero-column-padding  column-top-margin'     ><section  class='av_textblock_section av-gtaooc-a8743e8c0222e83fb3950ebf1b9d9295 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>We can see that the table is owned by \u201cdbo\u201d (principal_id = 1), whereas the view is still owned by the overall Schema owner \u201cSchemaOwner\u201d.<\/p>\n<p>Hence the SELECT-permission on the view alone is not sufficient for User Jiao to query it, as it accesses the table.<\/p>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-fkuw30-92db03568537cd439d25ac6a1898b5f5\">\n.avia-image-container.av-fkuw30-92db03568537cd439d25ac6a1898b5f5 img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-fkuw30-92db03568537cd439d25ac6a1898b5f5 .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-fkuw30-92db03568537cd439d25ac6a1898b5f5 av-styling- avia-align-center  avia-builder-el-13  el_after_av_textblock  el_before_av_textblock '   itemprop=\"image\" itemscope=\"itemscope\" 
itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-6223 avia-img-lazy-loading-not-6223 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2BrokenOwnershipChainMissingPermission-300x195.jpg\" alt='' title='202105_2BrokenOwnershipChainMissingPermission'  height=\"195\" width=\"300\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2BrokenOwnershipChainMissingPermission-300x195.jpg 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2BrokenOwnershipChainMissingPermission-600x390.jpg 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2BrokenOwnershipChainMissingPermission-768x499.jpg 768w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2BrokenOwnershipChainMissingPermission-1030x669.jpg 1030w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2BrokenOwnershipChainMissingPermission-705x458.jpg 705w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2BrokenOwnershipChainMissingPermission-450x292.jpg 450w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_2BrokenOwnershipChainMissingPermission.jpg 1323w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/div><\/div><\/div>\n<section  class='av_textblock_section av-etgb3w-ea9cf09b40c2e1fbada4a7595c3cb40b '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>After granting the SELECT on the table as well, the User can use the View:<\/p>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-crbuak-1d91d16ee5e929bcdb403d57aa2b617e\">\n.avia-image-container.av-crbuak-1d91d16ee5e929bcdb403d57aa2b617e 
img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-crbuak-1d91d16ee5e929bcdb403d57aa2b617e .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-crbuak-1d91d16ee5e929bcdb403d57aa2b617e av-styling- avia-align-center  avia-builder-el-15  el_after_av_textblock  avia-builder-el-last '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-6227 avia-img-lazy-loading-not-6227 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_3BrokenOwnershipChainPermissionsComplete-1030x549.jpg\" alt='' title='202105_3BrokenOwnershipChainPermissionsComplete'  height=\"549\" width=\"1030\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_3BrokenOwnershipChainPermissionsComplete-1030x549.jpg 1030w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_3BrokenOwnershipChainPermissionsComplete-600x320.jpg 600w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_3BrokenOwnershipChainPermissionsComplete-300x160.jpg 300w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_3BrokenOwnershipChainPermissionsComplete-768x410.jpg 768w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_3BrokenOwnershipChainPermissionsComplete-1500x800.jpg 1500w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_3BrokenOwnershipChainPermissionsComplete-705x376.jpg 705w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2021\/06\/202105_3BrokenOwnershipChainPermissionsComplete-450x240.jpg 450w\" sizes=\"(max-width: 1030px) 100vw, 1030px\" \/><\/div><\/div><\/div><\/div>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" 
id=\"style-css-av-a50zsc-aa71ecd7bc36a2fbdc516c40bde99baf\">\n.flex_column.av-a50zsc-aa71ecd7bc36a2fbdc516c40bde99baf{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  class='flex_column av-a50zsc-aa71ecd7bc36a2fbdc516c40bde99baf av_one_full  avia-builder-el-16  el_after_av_one_full  avia-builder-el-last  first flex_column_div av-zero-column-padding  column-top-margin'     ><section  class='av_textblock_section av-9hafwc-b456805167b65d13cec210db8503ef12 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>In many if not most cases, it makes sense to have ownership-chains set up. But there are cases where you will want to explicitly break them. In general, it is advisable to always make conscious decisions around this and use a different owner than the built-in dbo.<\/p>\n<p>Ownership-chaining by itself is a topic that surely deserves its own articles, but this is where it connects with Separation of Privilege.<\/p>\n<p>Divide and be more secure \ud83d\ude42<\/p>\n<p>Andreas<\/p>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-85jwm4-c391c3a52e437c1e77535cfc17d3f911\">\n#top .hr.hr-invisible.av-85jwm4-c391c3a52e437c1e77535cfc17d3f911{\nheight:20px;\n}\n<\/style>\n<div  class='hr av-85jwm4-c391c3a52e437c1e77535cfc17d3f911 hr-invisible  avia-builder-el-18  el_after_av_textblock  el_before_av_textblock '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<section  class='av_textblock_section av-5n4l98-9b3b2d3bcc4d8ef46df50afa93f4624f '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><strong>Thank you to my Reviewers:<\/strong><\/p>\n<p>Rohit Nayak, Senior Program Manager in SQL Security<\/p>\n<p>Raul Garcia, Principal Security Program 
Manager<\/p>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-f399o-b8ed129379209ef3b54ebcaaf4b0bca1\">\n#top .hr.hr-invisible.av-f399o-b8ed129379209ef3b54ebcaaf4b0bca1{\nheight:20px;\n}\n<\/style>\n<div  class='hr av-f399o-b8ed129379209ef3b54ebcaaf4b0bca1 hr-invisible  avia-builder-el-20  el_after_av_textblock  el_before_av_textblock '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n<section  class='av_textblock_section av-1vcwgs-9c029161bfa36066a34d262d2750a8f6 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h5>Resources<\/h5>\n<ul>\n<li>Wikipedia-Article: <a href=\"https:\/\/en.wikipedia.org\/wiki\/Privilege_separation\" target=\"_blank\" rel=\"noopener\">https:\/\/en.wikipedia.org\/wiki\/Privilege_separation<\/a><\/li>\n<li><a href=\"https:\/\/us-cert.cisa.gov\/bsi\/articles\/knowledge\/principles\/separation-of-privilege\" target=\"_blank\" rel=\"noopener\">Separation of Privilege at CISA, the Cybersecurity &#038; Infrastructure Security Agency<\/a><\/li>\n<li><a href=\"https:\/\/csrc.nist.gov\/glossary\/term\/Dual_control\" target=\"_blank\" rel=\"noopener\">Dual control &#8211; Glossary | CSRC (nist.gov)<\/a><\/li>\n<li><a href=\"https:\/\/www.stigviewer.com\/stig\/red_hat_enterprise_linux_7\/2017-07-08\/finding\/V-72265\" target=\"_blank\" rel=\"noopener\">The SSH daemon must use privilege separation. 
(stigviewer.com)<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/authentication\/concept-mfa-howitworks\" target=\"_blank\" rel=\"noopener\">How it works: Azure AD Multi-Factor Authentication<\/a><\/li>\n<li><a href=\"https:\/\/andreas-wolter.com\/en\/schema-design-for-sql-server-recommendations-for-schema-design-with-security-in-mind\/\">Schema-design for SQL Server: recommendations for Schema design with security in mind &#8211; (andreas-wolter.com)<\/a><\/li>\n<\/ul>\n<\/div><\/section><\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":6231,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28],"tags":[],"class_list":["post-6220","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-28"],"_links":{"self":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/6220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/comments?post=6220"}],"version-history":[{"count":9,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/6220\/revisions"}],"predecessor-version":[{"id":6926,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/6220\/revisions\/6926"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media\/6231"}],"wp:attachment":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media?parent=6220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/categories?post=6220"},
{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/tags?post=6220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}