SQL Server Security in SharePoint 2013

With SharePoint for a long time, it is assumed that SQL requires only the most initial configuration, that is, management and maintenance is no longer required, and in fact, the management and security of SQL is closely related to the stability of the SharePoint environment, so it is absolutely important to focus on SQL in SharePoint Management and maintenance of the server.

This article mainly introduces the following three points:

First, about the permissions of SQL account;

II. Disk Management for SQL Server

III. modifications to SQL Server service ports

I. Permissions on the SQL account

First of all, the question is about the account, whether it is a SharePoint server farm configuration account, or a variety of services account, are required for SQL permissions. In the past for convenience, but also did not give more research, are directly given all the authority. In fact, SharePoint requires only dbcreator and securityadmin permissions for SQL Server permissions.

II. Disk Management for SQL Server

Second, it's about managing SQL, and when you see this planning in the MSDN documentation, you do feel that you know too little about SQL Server before. Ideally, you should also place the tempdb database, the content database, the usage database, the search database, and the SQL Server transaction log on a separate physical hard disk.

When setting the data priority on a faster disk, use the following ratings:
· Tempdb data files and transaction logs
· Database transaction log files
· Search database (except search administration database)
· Database data files

Of course, in addition to the initial setup, regular management and monitoring of database service conditions is also a major feature of SharePoint environment maintenance.

III. modifications to SQL Server service ports

Finally, to talk about the problem of SQL Port, it is well known that SQL Server is the default 1433 port, so the SharePoint database will be exposed, more often, we will manually modify this port, to avoid unsafe features.

There are two main modification methods, one is modified by SQL Configuration tool:

Open SQL Server configuration Manager, find the aliases, modify the default port 1433, as far as I know only the second can be modified, of course, in order to avoid the problem, it is no harm. Such as:

The second is to modify the registry, because if you modify the communication port of SQL Server, the server and client must be modified at the same time, and the SharePoint front segment typically does not install SQL, but you can also install only administrative tools, or by modifying the registry:

Summary

These are some of the key points in SharePoint recently learned about SQL Server security management, and share them with you, not just the 2013 version, but still apply to previous versions. Of course, there may be shortcomings, need to continue to improve, want to know more people to give guidance, but also hope to bring to the people in need to help.

Reference links

http://technet.microsoft.com/zh-cn/library/ff607733 (v=office.15). aspx

Http://blogs.msdn.com/b/dbrowne/archive/2012/05/21/how-to-add-a-hostname-alias-for-a-sql-server-instance.aspx