We are just starting to run SQL Enterprise on AWS RDS and we want to be FedRamp medium compliant. We have the documentation from AWS on this but it does not specifically cover which SQL logging/auditing options we need to enable. A partial list is attached. We want to avoid enabling all of these and we find some of the MS wording and explanations a but cryptic. Is there any documentation or template for this that lists which option we need to enable to be FedRamp compliant.
Related
The documentation for Database Migration Assistant claims that it will identify and flag any "deprecated features". However, this does not seem to be true in the least. I have a SQL Server on-premises database full of features that Microsoft's documentation considers to be deprecated. However, DMA does not detect ANY of these things in an assessment targeting Azure SQL Managed Instance.
Documentation:
Overview of Data Migration Assistant
Numerous "deprecated" features, such as returning result sets from triggers, using deprecated hash algorithms in the HASHBYTES function, and so on, are not appearing at all in the assessment results. Clearly, the documentation is incorrect.
Am I missing something here?
I use Datagrip for SQL development. Recently I've had to work with Salesforce SQL (aka SOQL), but there doesn't seem to be an IDE as useful as Datagrip.
So: I'd like to add Salesforce as a data source to Datagrip, just as I would a Postgres or MySQL database.
Is this possible to do, with an extension or otherwise?
I know https://jetforcer.com/ exists, but it seems to fall short on two counts:
(a) it's apparently just a UI that lives in JetBrains apps, so I don't think it'd fit as seamlessly in Datagrip workflow as I'd like
(b) It costs $60. I don't need to do any actual Salesforce development, so paying $60 just to run queries against Salesforce isn't ideal.
DataGrip can support any database that have JDBC driver.
First of all, you need to find JDBC driver for the database. In your case that can be:
http://reliersoft.com/download/salesforce-jdbc-driver/
Then follow the instructions of generic-JDBC data source configuration:
https://www.jetbrains.com/help/datagrip/connecting-to-a-database.html#vertica_as_unsupported_dbms
URL should be like jdbc:sforce://<hostname>
(More options are available in driver's docs http://reliersoft.com/salesforce-jdbc-driver-documentation/)
After that you can run queries and view data.
If something does not work as expected, please file an issue in our bug tracker
To find out how often SQL Server users use certain objects (mostly views), I would like to log who queried the object when. If possible, I would also like to indicate in the log whether the object was called directly or if the query was part of a chain. I suspect that policies can be of use here, but did not find an example.
The answer is "Audits" in the server and database security sections in Management Studio. We are using Enterprise Edition, so "Fine Grained Auditing" is available to us. It covers the requirements in question, even including the sql statement used to query the object.
Other editions offer "Basic Auditing", not sure how much that will give you.
Because I have several unrelated resources to coordinate during commit, I would like to use two-phase commit (2PC) on Azure SQL Database, from Java code (JDBC).
On standard SQL Server, you can do a complex install of some DLL plus some scripts to make available some extended stored procedures, with names like xp_sqljdbc_xa_init or xp_sqljdbc_xa_prepare, that in turn the Microsoft JDBC driver uses to provide the XA semantics of start/end/prepare/commit. But these extended stored procedures aren't available on Azure from what I can see.
Also, by itself, SQL Server doesn't seem to have any PREPARE TRANSACTION primitive, and I don't find one in Azure either.
So how can one do 2PC on Azure?
It's not supported and in many ways incompatible with the benefits and uses cases for cloud computing. There's an excellent blog post by Clemens Vasters that I'd recommend reading and which introduces the service bus feature as a way to accommodate the key aspects of the behavior that you may be looking for.
I'm interested in the existence of any tools which can perform static analysis against a SQL Server database. In essence, I'm looking for the DB equivalent of FxCop or NDepend; something which can inspect the data layer and come back with recommendations around metrics such as design, naming and any other measurable attributes relating to quality.
Has anyone used a tool in the past that can provide some design feedback? Thanks.
If you use SQL 2008, or have an instance of SQL 2008 anywhere, you can use policy based management. This will do what you want. Check Here This will work for naming and other standards, but might not work on data metrics.
You can alway use the Microsoft Best Practices analyzer for SQL
DataCleaner http://datacleaner.eobjects.org/
SQL Enlight is a dedicated static analysis tool for SQL Server, working in SSMS as well as part of Continuous Integration. There is a review on Simple Talk by Grant Fritchey. There are numerous built-in tests as well as a capability (albeit complicated looked) to author one's own checks.
SQL Cop is another option. It's not as sophisticated as SQL Enlight, and can't be automated as part of a build process, but is free.