Tool to enforce or audit SQL Server standards - sql-server

We are putting together a set of standards for our database. I am worried that down the road people will forget the standards or new developers will come online and not bother to use them.
I am wondering if there is a tool to audit standards and provide a report based on the standards. I would like it to include things like naming conventions for columns to not having GUIDS as the primary key.
Apex SQL used to have a tool like this called Enforce. But they discontinued it. Is there any such tool still on the market?

You can do a lot of things like this with Policy-Based Management. For example, here are a few tips I wrote for mssqltips that describe how to do a couple of things:
Enforce database naming conventions
Identify SQL Servers with inefficient power plans
Find unused indexes
Find all columns of a specific data type
Some various tips by other authors as well:
SQL Server Policy Based Management Tips
The sky's the limit, really. Anything you can run a SQL query to get a scalar result (and several other things as well), you can check with PBM.
For object-level stuff, you can get a good part of the way there using simple DDL triggers. For these you can simply hook onto DDL events (e.g. CREATE TABLE) and roll back if your naming conventions or other criteria are not being upheld. They work very similar to a DML trigger for modifying data in a table.
Just keep in mind that you can't always enforce everything, for example you can't rollback things that aren't "transactionable" (such as CREATE DATABASE) using either PBM or DDL triggers. And be careful where you put your "on change prevent" type of enforcement - for example rolling back a CREATE INDEX that took 12 hours isn't going to go over very well if it was rolled back only because it wasn't named correctly.

SSW of Australia also has a really nice tool for this called SQL Auditor.
They check SQL Server databases against a whole slew of "best practice" rules and give you a report on how you do according to their ruleset.

Related

How can i know the relationship in the database in sql server 2008?

I want to know how can I know the relationship in the database which is not determined by the primary key in the design
For example I have three tables in the database following like this :
Table 1 : fields
Table 2 : area
Table 3 : location
and all of the tables have data but who created database did not explain the primary keys and the foreign keys in it, so how can i know the relationship between this tables?
Note : I am using SQL Server 2008
If there's no documentation at all and no defined foreign keys, your options are:
Look at the application source code to see what it's doing. This may or may not be available to you. If it isn't, you're in a fair bit of trouble.
Contact whomever wrote the application originally and ask them for help or documentation. This may or may not be possible.
Guess. I'm certain you'll have to do a lot of this no matter what.
Run the application while SQL Profiler is Trace Capturing the SQL queries sent to the DB, or using Extended Events in SSMS. I don't recommend running Profiler on a production DB due to the performance impact. I've never used Extended Events, but I know that they're replacing Profiler's capture abilities in forthcoming editions of SQL Server. Neither of these tools is particularly simple (Profiler isn't; Extended Events don't look any better from the doc). You're going to need to read a fair bit of documentation.

Aspect Oriented SQL Server

Are there any libraries, open source or otherwise, that can be installed into a SQL Server instance (2008 or later) that can enforce AOP standards? I'd really like to avoid enforcing cross-cutting concerns with templates across our development staff. AOP seems like the best option, if it's available.
If it doesn't exist already, I'll try to roll my own.
EDIT:
Some examples might be subclassing Table to make specific kinds of tables, like mixin characteristics. I'm in a data warehouse environment with a lot of audit requirements so we create bitemporal tables a lot. It would be awesome to have a
CREATE BITEMPORAL TABLE
statement that would add transaction and valid time and modify CRUD statements against those tables. (Yes, I know that views and triggers can do this, somewhat.) A harder thing to accomplish would be stored procedures with specific logging or transaction characteristics, like
CREATE PROC FOO /* VERBOSE, ATOMIC, SERIALIZABLE */
and have the body automatically wrapped with the appropriate T-SQL to do those things. Yes, it's possible to add stored procedures to take those arguments and do SQL generation and compile those artifacts. But the drawback is that there's no enforcement - a developer may bypass the procedure and use CREATE PROC directly - and that the content in syscomments is the generated code, not the AOP annotated version, which breaks the abstraction.
Maybe you are interested in having a look at AO4SQL - a programming language that brings AO concepts to SQL. Conceptually, the tool works with any SQL server.
You can download my paper "AO4SQL: Towards an Aspect-Oriented Extension for SQL" that was published at the RAM-SE 2011: http://www-users.cs.york.ac.uk/~manuel/Events/RAM-SE11/RAMSE11papers.zip
Keep in mind that AO4SQL is a prototype tool, but if you would likt to join an open source project ... get in contact with me.
Interesting. I've never even thought about applying AOP techniques to a SQL Server.
With SQL Server 2008, I believe you have the ability to call .NET code, so you could maybe work in a standard AOP tool like PostSharp or Castle DynamicProxy that way.

How to separate programming logic and data in MS SQL Server 2005?

I am developing a data driven website and quite a lot of programming logic resides in database stored procedures and database functions. I found myself changing the stored proc/functions quite a lot in order to fix bugs or add new functionality. The data (tables) have remained mostly untouched.
The issue I am having is keeping track of versions of stored proc/functions. Currently I am incrementing version of whole database when I do a set of changes. As data is huge (10 Gb) I get issues having to run development version and release versions of databases in parallel.
I wish to put all the stored procs and functions in one database and keep data in one database, so that I can better manage the changes.
I am sure others would have encountered similar suggest and request suggestions on how to best handle this situation.
I would also recommend using source control keyword expansion in your stored procedures ($Version:$)
That way you can eyeball, grep, search syscomments, etc to see what version you have on your deployed database.
You can version just the schema dumps. In combination with source control keword expansion (as suggested by Rawheiser), you just take a look at what version you have in the database, generate a diff and apply it.
Also, there are several excellent tools to compare databases and their schemas, generate DDL scripts etc.: SQL Workbench, Power Architect, DDLUtils and Redgate SQL Compare, to name a few. SQL Compare is likely to work best with SQL Server, although all the others are FOSS and provide a higher ROI (in terms of time spent learning and what you can do with them) as they are platoform and RDBMS independent.
Finally, I have to say...I understand that the immediate results you get with logic in the DB are tempting, but if you've gone beyond more than a couple of procedures in the database, you're setting your self up for quite a lot of pain, sifting through what easily turns into spaghetti code and locking your application to a single database vendor. You might have your reasons, but I've been there and didn't like it very much. Logic can live very nicely in a different layer.
For source control you have several options:
Use a Visual Studio Database project.
Use SQL Server 2005's built-in support for source control
Use a third part tool such as SQL Compare
IMO Option 1. is preferable.

Need good scheme/workflow for managing database objects using Subversion

How do you track/manage your stored procedures, views, and functions in SQL Server?
I'd like to use Subversion, but it looks like I would have to just save & commit the CREATE/ALTER statements. That might work okay for me, but I suspect I'd end up doing a lot of nagging.
Is anyone using versioning with their databases? Is there a better way?
In the past, people have just commented out parts of the code and left it in. Or, they add little "added on 2/31/2010" comments all over. It drives me nuts, because I know there is a better way.
We do log changes in the object's header, but that's pretty limited. It would make my life easier to be able to diff versions.
Additional Info
We are using SQL Server 2005. I have Subversion (via VisualSVN Server) and TortoiseSVN installed, but I'm open to other suggestions.
By database objects, I specifically mean stored procedures, views, and functions.
There are only a few tables I would need to track. The database is the backend for a commercial application, and we mostly pull information out for reporting
I found a related question about stored procedure versioning
We script everything and put it into Subversion. Nothing can be loaded to Prod without a script (developers do not have rights to prod) and the people with rights on prod only accept scripts they loaded from Subversion.
We revision our database, schema creation, dw, etl, stored procedures just like any other piece of code, because it's code!
I have also seen people type dates in headers, etc. This is normally due to them completely missing the point of revision control.
Have a look at liquibase, here
It manages your sql changes/scripts for you, and can apply them in conjunction with svn via hooks or scripts. Makes doing all sorts of setup easy, and helps eliminate the case of the missing trigger/sproc/etc...
I'm not sure what you all mean with "database objects". Are these only the tables, views, procedures etc or also data? I mean daily created data?
Assumed you mean the database schema definition. By my experience there is only one way to handle database schema definitions (if you don't have NHibernate or some similar tool). You write sql scripts that create your database from scratch and check them in. You use the same scripts for installation of your software. You see the differences by just comparing the scripts files.
Whenever I've gone through this excercise, it's come down to 3 main things that need to be source-controlled:
Stored Procedures / Views / Triggers (more or less anything that can be fairly expressed as "code". These are fairly simple, include a conditional drop and create at the top of the file.
Table Schema - DROP / CREATE statements as above. You can try to get fancy with ALTER statements, but it tends to get really messy.
The biggest challenge we faced was this forces you into a system where your DB goes back to an initial state often - if there's a fair amount of work involved in bringing DBs to something usable / testable, it can be a pain. In that case we kept a library of scripts that brought a DB to various usable states, and source controlled those as well.
Data within tables. We looked at a couple of approaches here - either a series of INSERT statements stored in a file like "TableName_Data.sql" or a CSV file with custom build tooling that parsed and inserted when the DB was rebuilt.
Ultimately we went with the INSERT statements for simplicity's sake.

What is the biggest drawback of <your favorite database>? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
We all have our favourite database. If you look objectively at your chosen database, what drawbacks does it have and what could be improved?
The rules:
One reply per drawback with;
a short description of the limitation, followed by;
a more detailed description, an explanation of how it could be done better or an example of another technology that does not have the same limitation.
Do not diss any database that you haven't used extensively. It is easy to take potshots at other technologies but we want to learn form your experience, not your prejudice.
Oracle databases are quite expensive
Oracle does what it does well but the licensing costs are horrendous. That has been improved by the release of Oracle XE but the limitations of that mean that it is a growth constraint on you solution.
Database Microsoft SQL Server 2005
Defect Lack of "INSERT OR UPDATE"
Description
Often you need to either insert or update a record in a table, depending on whether the record is present or not. Not having an atomic operation to do so leads to unnecessary transactions.
This does not happen with MySQL or SQLServer 2008.
Database PostgreSQL
Defect No SQL Profiler
We asked the developers about this at a recent conference and I understand it's now something they're looking to implement.
I love the flexibility of sequences in Oracle as compared with other databases autoincrements, but the inability to set seq.nextval as a default for a pk column is somewhat annoying, and must be trivial to fix.
Database Microsoft SQL Server
Defect Huge licensing cost
Description
SQL Server has great features and it integrates very well with .NET development. The issue is that when you have to scale up from a shared database to a dedicated database, licensing costs are really high. This, in effect, leads to databases which should really run on a dedicated server, being hosted on shared servers with performance and security issues.
This does not happen with MySQL or PostgreSQL.
Database Microsoft SQL Server 2005
Defect Badly implemented UI
Description
SQL Server management studio does not offer a great user experience:
Tabbing behaviour is weird: you are always looking for the right tab
Keeps on crashing on 64-bit versions
Missing some features of preceding version, like overview of grants of stored procedures
This does not happen with version 2000.
Database MySQL
Defect Server will start up with damaged tables
Description
If MySQL has a damaged table - from either being killed during a write or some other failure - it will quite happily start up and allow the user to carry on as if the problem does not exist. Granted it will produce some error messages in the log, but from my experience this doesn't help when you're trying to figure out why an application is behaving oddly.
Most other databases will detect and repair the error on startup or simply refuse to start with any sort of corruption.
Database MySQL 5.0.x and above
Defect Ring replication errors lead to inconsistent data on different nodes
Description
The most serious problem in production we face at the moment is that in a MySQL ring the ring itself produces an error and stops replicating.
Building a ring (or Master-Master-replication) is possible since 5.x.x: You chain the databases in a "ring" so that the replicate data to each other. Every database-node gets all the changes from all other nodes.
We assume that the error lies behind autoincrement- failures. This is known from normal replication, too, but in the new version there are no sufficinet error messages in the error log. I highly recommend not to use this feature in MySQL as long as the problems here are not fixed.
Database Oracle
Defect Did not handle long datatype well for too long
Description
Oracle only had the long datatype until 9i (I believe) at which point it was deprecated in favor of the LOBs. There is a ton of code out there, however, which still has longs and all of the related restrictions. The biggest of which was that each table could only have one long column and it had to be at the end of the columns. See here for a more exhaustive list of restricitons on the long.
Database Oracle
Problem Temp table definitions are not private
Description Many databases (eg Postgres and Sybase) allow you to create temp tables on the fly, insert into them, add indexes if you want, then query from them. Oracle has temp tables, but the temp table definitions exist in a global name space. Therefore the temp table has to be created by a DBA, you need to synchronize between the table definition they used and your code, and if two pieces of code want similar (but not identical) table definitions, they need to use different names. These differences make temp tables far less convenient for developers.
Yes, I understand the benefits for the query optimizer of having global definitions. However for me the lack of convenience makes Oracle's temp tables virtually useless for me, while I use them very intensively in Postgres.
Database: Oracle
Problem: The names of tables, procedures, columns, etc cannot exceed 30 characters. This is infuriating.
Problem: It's slapdash JDBC compliance. For example, stored procedures do not return results sets in a JDBC-compliant way, but instead of a proprietary OUT parameter type. This means you can't use higher-level JDBC abstractions.
Database MySQL
Defect Foreign Keys supported only on some table types
Description
Enough said. It has obvious maintenance implications.
From the MySQL manual
Foreign keys definitions are subject to the following conditions:
Both tables must be InnoDB tables and they must not be TEMPORARY tables.
And here:
For storage engines other than InnoDB, MySQL Server parses the FOREIGN KEY syntax in CREATE TABLE statements, but does not use or store it.
This does not happen with any other major DB.
PostgreSQL doesn't have a good failover solution, but I understand they're working on it.
Database : Sql Compact Edition
Drawback : Stored procedures are not supported.
Regardless of this limitation, this DB has its' uses especially as a client cache for application that can be smart client or distributed to mobile platforms.
Database Oracle
Defect Granularity of grants on packages
Description
You can only grant permissions on packages and not on stored procedures inside packages. Or alternatively, you can grant permissions on single stored procedures but then you put them outside of packages. This requires you to know up front who will use which stored procedure and it is really hard to refactor.
This does not happen with SQL Server.
Database Microsoft SQL Server 2005
Defect Lack of array type parameters
Description
Useful in searches, a lot of times you need to pass a series of values to be matched against. In SQL 2005 you can do a workaround by using CLR inside SQLServer. Given the usefulness it would make more sense to have this feature out of the box.
This does not happen with SQL Server 2008 or Oracle.
Database Postgres
Defect No analytic queries
Description
Analytic queries, introduced by Oracle, are part of the SQL 2003 standard. Unfortunately Postgres hasn't implemented them yet.
Database : PostgreSQL
**Problem : ** is that connector for C# for example are not really up-to-date and crash with advanced feature.
Database: All
Drawback - Poor design by people who didn't think it was important to know what you were doing when you designed a datbase. Far more problmes caused in all databases by bad design than from any missing feature. So I suppose they are all missing the "read my mind and figure out the best solution without me having to think" feature.
Any SQL DBMS
Defect: Duplicate rows
One of the virtues of the relational model is that it represents everything without duplicate tuples, i.e. using relations, which have keys and no duplicates. Unfortunately SQL isn't built that way. This makes the database developer's life needlessly difficult. SQL developers have to deal with tables without keys and debug queries that return duplicate rows.

Resources