Steve Jones, the editor from SQL Server central and I talk about the need to build your own brand and we share a few ideas on how to do that. We talk about Steve’s brand and how he built that over time and some options available to allow you the most opportunities possible. The New York Times said in 2007 Nike spent 678 Million Dollars on advertising–A company almost everyone already knows. What are going to do help establish your brand? This episode is a must have for those looking to kick it up a notch on the opportunity meter.
Steve on Twitter
Red Gate SQL Prompt
The Modern Resume
SQL Server Central
Transcript: Build Your Personal Brand
Carlos Chacon: Welcome to the SQL Data Partners podcast. My name is Carlos L. Chacon, your host. This is episode six.
Today, I’m super excited to have someone on the show that you probably already know. Steve Jones from SQLServerCentral.com is with us today. Steve is the Editor-in-Chief of SQLServerCentral.com. He started working with SQL Server in 1991, which I’m pretty sure wasn’t called SQL Server at that time.
Today, we’re going to be talking about branding. Steve had a great brand, and I’m super excited that he’s been willing to share a little bit of his time, and thoughts about building a brand. Ultimately, the goal here, or the idea is that you can take some of these branding ideas, put them to use in your own environment, and hopefully, additional opportunities will come your way.
If you like today’s episode, we invite you to give us a rating on iTunes. Give us some of that feedback, and let us know what we’re doing. If there’s something you’d like to hear, you can hit me up at [email protected] or of course I’m on Twitter @Carloslchacon.
If you like these episodes, we invite you to subscribe to our iTunes podcast. We are also now on Stitcher, we’re excited about that and as always, welcome to the show.
Children: SQL Data Partners.[music]
Steve Jones: Thank you, thank you, I’m glad to be here. I still run SQL Server Central. That’s my primary day job. That’s a lot of what I do on a day-to-day basis. I’m always writing and producing the content there. You’ll certainly see me there.I work for Red Gate software as well. They employ me to run SQL Server Central as well as to be an evangelist, which means that they send me around to a variety of events, starting to be all around the world.
It’s mostly in the US but I’m doing more in Europe. I’m at a number of conferences every year and a bunch of SQL Saturdays. As many as I can fit in with busy family life and all the other responsibilities I have at work.
Carlos: Sure, there’s no question that you keep a full schedule there. One of the things we wanted to talk about today was, standing out from the pack, right. Building your own brand.We aren’t necessarily going to talk about getting famous but we do want to talk about some ways that data professionals can present themselves in a little better light with the hope of having some more opportunities come their way.
The reason I wanted to have you on the show, Steve, is because of your own individual brand. You’ve got a great brand and if folks are just starting out and haven’t met you, they’d probably be surprised when they first meet you that one, you’ll be in a Hawaiian shirt and two is that you’ll walk up to them, you’ll extend your hand, and ask them a few questions.
Steve Jones: Yeah, exactly.
Carlos: I think that’s a great brand and I think you might have some ideas for our listeners that they can try to apply to their own brand.
Steve: Absolutely. What you just said here, just introducing yourself, that’s networking. That’s a great way to just meet somebody else and get to know another person in the community. Start to build a little bit of a bond. Maybe make a friend. Maybe make a contact of some sort. That’s one of the things that has helped me over the years.As a young man in high school and college, I was really shy, didn’t know a lot of people. There’s been plenty of times I’ve gone to events for schools, or yearly in my career where I didn’t introduce myself, I kind of just sat in the back, and found that I wasn’t really growing my career as much. There’s always so much you can do, in terms of being just a very smart young man or young woman today.
It’s great to be good at your job, to have a lot of technical skills, but really a lot of hiring, a lot of decisions for promotions, reviews, for bonuses. All these things, they come down to personal context and people liking you.
Just being friendly is a great way to kind of grow your brand a little bit and meet other people. Just walk up to somebody, “How you doing? My name is Steve. What do you do here? Why are you here today? What’s your job? What are you interested in?” Just a couple questions, just like you might if you’re in a party or something else, some other event there. That’s probably the best thing I think you could do for your career these days.
Carlos: I think one of the big misconceptions about networking — particularly maybe five, seven years ago — was that you wanted to do that to advance your own purposes. As you just mentioned, ultimately, it is about extending your network, and you need to find out about what other people are doing. Asking those questions from people just to get a feel. Start that conversation going, and then, potentially down the road, something may happen that may be of your benefit, but it doesn’t necessarily need to be the goal.
Steve: Right. Certainly, you might help somebody else. We have a lot of people in the soup community that are very open, friendly, and willing to help others. Maybe you’ll meet somebody you can help. Or maybe you’ll meet somebody who just can bounce an idea off later. Ask you questions of.I meet people all the time that are good at SSIS, reporting services or DAX, or things that I’m not very good at. When I have questions, there is somebody I can just call on — that I’ve had a conversation with — and say, “Hey, can I ask you a question?”
Carlos: When we talked a little bit about events and we talked about getting to know people. Another thing that I’d like to encourage people to do is to get to know the vendors a little bit more. This is kind of with the eye towards adding that into your network, particularly the product folks, “Hey, what is it that you do and what problems are you trying to solve?”It may be, for example, a Dex vendor. I don’t know if there’s one out there like that. You may have nothing to do, that’s not even on your radar, but the next person that you talk to might have something. To be able to say, “Hey, you know what? I just talked to so and so at this vendor, they might be able to help.”
You’ve provided value to that person and the likelihood of them remembering who you are skyrockets.
Steve: Exactly. Somebody at work might ask you, “Hey, we need to do this thing with Dex. Do you know anything about it?” You go, “You know, I met somebody a few months ago. I’ll ask them. I’ll call them back.” Certainly, getting to know vendors is a good idea because some of us go to work for vendors. Some of us leave vendors and go somewhere else.There might be an opportunity for you to go to work there. Like you said, just answer a question for somebody else or at least have an idea of what could work.
Carlos: Right. I think the idea there tied in with the brand is that you’re creating a brand of being able to provide value, of being knowledgeable about different things. Having that network that people can at least run ideas by you and that they’ll know, “We’re kind of stumped with something. Let’s go ask Steve, see what he thinks.” Right?
Carlos: As we go and we do this, we’re networking. Individual events sometimes is difficult to get to, can be cost prohibitive. Are there other ways to grow that network? Social media, obviously, is one that has exploded here lately and allows us to scale our networking opportunities.
Steve: Absolutely. Yeah, social media’s a great way. There may be groups in your local area. I mean, there’s obviously pass groups, SQL Server user groups in your area, but there are often industry groups as well. For example, in Denver when I first moved here, we had a group called First Tuesday. It was basically a happy hour, restaurant or bar, on the first Tuesday of the month where IT professionals would get together.Everybody from CTO’s to DBA’s and Sys admins would have the chance to have a drink, just meet other people and talk. Certainly there’s those opportunities as well as more formal events that are industry specific. Social networking is a great way, it works the same as an in person event. I know it seems silly and seems like we’re not interacting with people when we’re not doing it face to face, but you could build some great relationships across distance by using Twitter, Facebook, Instant Messaging, even forum places like SQL Service Central or MSDN, the place where people ask questions and answer questions.
You can really build these strong bonds in the same way that we did it 100 years ago, by having pen pals, by writing letters back and forth. Except today we can do it in real time or near real time.
Carlos: One of the things we want to, I guess at least encourage folks, from my standpoint is that you can use social media for many things but we want to convey a professional air, if you will, when we’re trying to build our brand from a data professional perspective, right? I think there are certain social medias like Facebook, for example, I know a couple of people out there that are like, “If you’re going to invite me to your wedding or you think I might invite you to my wedding, then we can connect of Facebook.”Otherwise, we need to go to other mediums to interact in that professional way. Separating the lines, in a sense with, here’s my brand, here’s who I am in social media from a data professional perspective versus here’s my kids and my grandma at the family reunion.
Steve: Exactly. You certainly need to draw some separations. Denny Cherry is a friend of mine. He’s a well known consultant in the US who does a lot of SQL Server work. He is across all social media areas where he posts. Recently, he actually made that separation, where he set up a professional Facebook side for his business and for his career. Then he broke that with his personal Facebook group because he posts his opinions and different ideas on Facebook that aren’t work related.Certainly, you can cross the line, just like at work, when you’re actually in an office, there are some topics religion, politics, things that you don’t necessarily want to get too involved in at work because it’s not necessarily appropriate. You may offend somebody or you may get yourself too worked up and get upset. [laughs] You may say something inappropriate. I always encourage people to think about separating those things out.
For example, my Facebook is completely set to private for only my friends. I don’t share anything out there professionally. I typically don’t connect with professionals on Facebook. It’s typically for family and friends. There is Twitter, and my blog, and Linked In and other places where I do connect with other professionals.
I’m aware of what I post there really reflects on me as a DBA and a SQL Server professional. I don’t necessarily want to post things there or advocate for things that aren’t appropriate for my career.
Carlos: Sure, and ultimately again, we’re talking about that brand, and so you can be a political moderator if that’s what you want to do, but do that in that space.
Carlos: If you’re going to create the social media space to build your brand as a data professional, then the topics and the related information needs to somewhat align with that. Now sure, you go to an event and you post pictures and stuff, that’s all, again, involved with that brand.
Steve: Exactly, we’re all conservative, or liberal, or independent, or something. We all know that but, when I’m trying to decide if you’re the person I call for an interview, or you’re the person I want to hire, I don’t really want to see that because it’s serves no real purpose. It’s as likely to offend me, or upset me, as it is to attract me to you.We want to present a positive, very professional image to potential employers. Recruiters, employers, HR people, hiring managers, somebody that’s going to look at our profile on social media we want them to see somebody that they want to hire, that’s going to fit in that position well.
If you want to be a political commentator, or you have a band, you’re a musician, or something, have a separate Twitter account, a separate Facebook. Just have a different place where you put that stuff.
Carlos: It can be overwhelming, particularly to see some of the other folks in the community who appear to be on social media 24/7…[laughter]
Steve: Yes indeed.
Carlos: They’re posting a lot of stuff out there. I know, I look at it, I’m like, “Wow.” Do we need to be on there all the time? What’s the balance? I’ve been meaning to ask some of these folks that host a lot, how they do that.
Steve: It’s certainly is, it’s amazing sometimes how many tweets, or Facebook posts I see from some people, it’s incredible. Certainly there are some tools that help you post in multiple places, or automate things that can maybe make it look like you’re more active than you are. Really, I look at social media just like I look at other social situations.At the office I may get up and go get a cup of coffee and I have the chance to chat with somebody in the hallway, or in the kitchen, and along the way, or I may catch somebody going in or out of a building and spend a couple of minutes there. That’s really how I treat social media, I try not to be too bogged down in it.
Part of my job as an evangelist is to keep track of it so I certainly do…we have some professional accounts for SQL server central and at Redgate, that are on social media. We monitor those a little more heavily.
For my account I may pop it up and look at it, and I just go on about my day for a while and maybe I take a couple minutes just to see something later, go on about my day. If I’m at an event, or if something is caught my eye that I’m reading, I may post that over there, as well. I try not to…the purpose isn’t to be on social media, the purpose is to be on the actives with other people socially, at your schedule, at your pace, whatever works for you.
I don’t set goals, and in fact I make it a point to turn things off, like I don’t have Twitter up today, it’s just off because I’ve got other things I need to accomplish today. [laughs] and I don’t need a distraction. Just like at work, I might put on headphones and just sit at my desk for a while because I need to actually get something done.
Carlos: Twitter can definitely be a big distraction.
Steve: It can.
Carlos: I also think, just like with the community, we shouldn’t necessarily be reserved in trying to share some other things. If we start building our brand, and start trying to help others, some of that…well, so most of us, particularly myself, there’s nothing that I’m going to share that a lot of other people don’t already know.But there may be other folks in my network that aren’t as familiar with it. Let’s take an example, like high availability. I maybe come up with something about high availability, always on. There’s books on it, there’s people, MVPs that are in that space. However, my network may still benefit from some of those things, so I don’t think we should be nervous, or feel like the content that we’re trying to provide is less valuable. Because again, that building our brand of folks who are willing to share that information, it will be helpful to someone.
Steve: Absolutely, I think one of the things that we don’t realize sometimes is how absolutely huge the world is. It is stunningly large and even something that’s incredibly popular on Twitter, really only makes it to a small fraction of the people that are out there. Because they’re not available at that time, they’re busy looking at something else, they just skip by it because there’s a whole list of other posted things that are there.I completely agree you shouldn’t get too bogged down in the idea that everybody else has seen what you’ve seen. The way that we personalize things these days, the way the software allows us to customize the views means that it’s entirely possible a lot of the people that you know haven’t seen something. Or they may not have seen the exact thing that popped up three seconds ago, but if you post it, it’ll appear there, or if you blog about it, it’s there.
To me, I always recommend people think about, what does this look like when somebody’s looking at me, not just what the world sees. Because potentially, an employer that look at my blog, or looks at my social media timeline, is looking for me to find out information about me. So it’s important that they see something about how I interact with the world, how I think, what my knowledge is. Rather than in the context of what everybody else has done.
Carlos: That’s a great point and again, building that brand. They’ll look at your book of work they can see it in totality. Let’s talk a little about your brand, and actually, as I get into it, it’s quite diverse. We talked about the editor at SQL server central. You’ve got “Database Weekly,” you’re with Redgate Software, you also host another site for “ModernResume.com.”
Carlos: You blog at “Voice of the DBA.” You actually put out some podcasts under that same name, as well.
Carlos: So, @way0utwest, your handle for Twitter perspective, and then your Hawaiian shirts.
Steve: Yes, exactly.[laughter]
Carlos: I went through it and I thought, “Holy cow.” That’s a lot of stuff, sounds like a lot of work. How do you keep that up?
Steve: How do I do that? Sometimes I look at my life and the amount of chaos that’s involved is stunning to me at times. I think I’m really just getting through the week, some weeks.[laughter]
Steve: The Hawaiian shirts are easy. I buy two or three a year, so that builds up over time and then it’s just a question of grabbing a clean one that’s ironed and I put it in the suitcase…[laughter]
Steve: That one’s easy. Some of what I do in that variety is because it’s a little bit of experimentation, it’s a little bit of trying to understand what works and doesn’t work, and it’s a little bit of trying to see how different parts, different areas there may reach different people. So I may get responses, or comments in different places on similar things I’ve posted. Some of it is a little bit of experimentation for me.For somebody that’s building their brand, for the most part it’s just about them. They’re not trying to advocate for anything other than their own career. Whereas, I worked for companies so I’m obviously advocating for them a little bit with the podcasts, and the events, and some of the other things I do.
The reason I have the Voice of the DBA as a blog, as opposed to just having SQL Server Central is I recognize I may not maintain this job forever, or I may want to go to work elsewhere so I want my own brand, my own place where I can have copies of all my work there. Really, I maintain that blog there specifically to build my career, if I actually have to go look for a job at some point that’s the place where I would try to send everybody. My professional career is, kind of, the SQL Server Central stuff and that’s what I do.
Database Weekly was a spin off from there as a way to kind of diversify our business. Fortunately, I don’t have to do that every week. We do about every third or fourth one depending, throughout the year, because that’s Red Gate Project SQL Server central and Database Weekly. I have a staff of people at Red Gate that help me do different pieces, and they do some of that.
The modern resume is a little bit of my volunteering effort. It’s a little bit of trying to give back to people to help them improve their careers. Certainly, I go to some of the SQL Saturdays to advocate for Red Gate, but a half of my go to-ers is really just volunteer effort. For me, taking time out of my life help improve my career because I can talk about different things. For me, it’s a volunteer effort. Try to teach people something, try to go and speak and help somebody else if you get better at SQL Server or their career, or something else.
I tend to do a lot. I’ve been successful. I’ve got a little bit lucky in my career. What I try to get people to do is think about pacing. Certainly there are times of the year where I don’t travel, my family comes first, other things with my kids come first. I have to put work and other things on a little bit of a pause there. Or I have to shift work around to make time for them.
That’s why I encourage everybody else. You’ve got to build your career and it is important, but its got to fit around the rest of your life. You’ve got to remember you have hobbies, you have a family, you have parents or kids or something else. I try to keep in some kind of balance there.
Carlos: You bring up an interesting point there with the volunteering and you mentioned that you do quite a bit of that. How do you think volunteering helps a person build their brand?
Steve: There is a number of things there. But one thing I come back to from a career perspective is that I’ve managed lots of people, in big groups, small groups in different areas of my career. I never want to micromanage somebody. I never want to have them be told to do every little thing. If I ask them to set up a server, I don’t expect to ask them to also set up backups and set up maintenance plans and go ask somebody what security they need, and those other things.I kind of expect them to do a little bit more than I ask them to do. Volunteering is a great way to show that you’re willing to do more than you are asked to do, especially if you volunteer at work. If you volunteer to teach somebody something or to build a utility or do something that helps another group. It’s a great way to A) make your job easier or make somebody else’s job easier, but it shows that you’re willing to do a little bit extra at work.
That’s a valuable skill because so many people are happy to just go do the bare minimum at work. If that’s what you want to do or maybe that’s the place you are in your life, that’s fine. Certainly people get married and divorced, somebody is sick, they have times in their life where they need to just do the bare minimum. If you do that for your entire career, if you do that for decades, you’re just an average person and you’re not necessarily a great employee for me as a manager.
Volunteering is one of those ways to show that you do more. The other thing is volunteering outside of work on top of helping your mental health, because I think that it’s important to give back and help society someway at some point in your life, you also build these skills in terms of just getting things done when you often don’t have good supervision to get requirements or good direction in a volunteer effort.
A lot of times volunteers just say, “I need some stuff done, would you please do it,” and you have to figure it out. Those are great skills and stories that aren’t really appropriate to talk about most of the time, but in terms of your career, those are good places to talk about, “Hey, I am learning these skills or I have done this thing elsewhere.”
Carlos: I think from the volunteering perspective, another benefit is the ability to be around other like-minded people. People who are working towards that goal. They’re trying to break away from the pack, if you will. By doing that, rubbing shoulders with them, getting engaged in the activities that they like, you’ll be able to build your network outside of the domain, outside of your work environment and you never know what kind of…again networking opportunities might arise from that.
Steve: Exactly. There’s a lot of technical opportunities to volunteer, there’s gift camps around the U.S. where you code for charities, you can spend a day or two doing that. Lots of organizations, from churches to non-profits and charities, they need technical help a lot of times and they can’t really pay for it very much. If you’re willing to volunteer an hour a week, two hours a month or something like that can be a great help them and also build some skills for you.
Carlos: Sure. Now, you don’t want to be pessimistic. But I think you feel like you should put a word of warning. Because occasionally, particularly volunteering at work is probably a good example. Every once in a while, the flaming bag of poo is going to come your way and here you’ve just raised your hands. “I’ll take it!” And yes, that will happen, you’ll have to work through that. Every assignment that you take won’t be the CEO…chatting with the CEO or even taking him out to lunch, that kind of thing.
Carlos: But again working through that, showing that you are willing to put in that dedication, that hours. When things then do become important, your manager has something that’s critical to their path, they’re more likely to pick you for the team because they know that you’re willing to put in the effort. If that is successful, the rewards are… big upside.
Steve: It could be a big upside, absolutely. It could be a downside too, the other thing is if you volunteer to do something at work and you’re doing this and all of a sudden it becomes more important, you may get stuck with two jobs.[laughter]
Steve: Yeah, I always say that whenever you’re going to volunteer like that, especially if you’re doing something at work, make sure your manager or somebody knows about it. That they’ve kind of given it a blessing and an approval, even if its tacit. At least they have agreed that you’re going to do something else and they understand where your time is going and what you’re doing.
Carlos: So then that feedback then becomes important. To let them know, “Hey, this task that I’ve been assigned or I’ve volunteered to take, whatever. This is the status, this is where I am at, I may need some help or whatever.”
Steve: Exactly. And then always make sure you kind of document, keep track of this stuff. Like I said, a lot of your volunteer efforts aren’t necessarily going to be appropriate for you to, you know, talk about or blog about something. But there are things you want to keep track of for you or for the next interview that you have. They are good stories and they’re appropriate in those places to talk about that.
Carlos: Sure, exactly. But I think overall consistency then is the key. To consistently kind of be out there, making yourself available. Again, doesn’t have to be 24/7 but doing something on a regular basis.I think about like the MacDonald’s, that’s a big brand. But you’re going to walk into a MacDonald’s in Kansas, in California, or in the Congo. You’re going to know the layout and you’re going to know you’re going to get a big Mac and it’s going to be pretty much the same. I think that’s what folks are looking for from a brand. It’s some consistency and if you’re willing to put in that effort, then you can built that brand. Again, hopefully the opportunities will come your way.
Steve: Right. It’s like I said, it doesn’t have to be a ton of time, maybe you go on Twitter once a week or LinkedIn once a week and you post something or you respond to something. You provide that consistency that Carlos is talking about, just on a regular basis.Again, ultimately at times stop and look at you profile, then pull up your particular profile. Like I go to Twitter and look at Way Out West, I just see kind of what I posted there and how that looks. Or I go to LinkedIn and just kind of look at my status activity because when somebody goes to look at my career, that’s what they look at. Not all the stuff that I’ve done a few minutes here and there. They kind of see it as one group, so I want to show that.
Carlos: Well, thanks Steve. I do appreciate the conversation. I think there has been some valuable information shared.
Steve: My pleasure.
Carlos: Before we let you go, just a couple of standard questions that add a little bit of value to those listeners. One of the things I would like you to talk about is some of the favorite SQL tools. This can be a paid tool or a free tool, whatever. What’s your favorite tool and why do you use it?
Steve: What’s my favorite tool? Right now, in terms of what I do which is a lot of kind of ad hoc just variety of touching things SQL Server, has to be SQL prompt. I worked for Red Gate software, and they make SQL prompt. But it’s one of those tools that’s absolutely incredible for me. Because a lot of times when I’m trying to find out what a parameter is or I’m not sure what the next way to write code is, that comes up very often, pops it up and it’s really handy.I’ve been using this since before Red Gate actually purchased the tool and so it’s amazing to me. It’s quite noticeable when I’m on an instance that doesn’t have prompt installed in magic studio. I don’t love the Microsoft Intellisense. I haven’t tried in 2016, but certainly in previous versions, it was less helpful. No Intellisence is difficult for me at times because I’m expecting things to be here. That’s a tool I use a lot.
Carlos: So we’ve been talking a little bit about branding and I guess I’m wondering if there is a favorite story or experience that you’ve had around branding or the data field that has helped you or can capture why it is that you enjoy what you do.
Steve: Why do I enjoy branding? There are several stories. I certainly have no shortage of stories where somebody has gotten a job through their brand on social media or somewhere else. But one of the things that really helped me early on in my career figure out where the branding matters is my wife. She spent 20 years in high technology, I think she worked for six or seven companies and eight or nice different jobs in those times.But in all that time, she really only had to send out groups of resumes once. She got one job. She is very personable, she’s been good technically at her job. But the efforts that she’s made to always get to know other people, network well, talk about her experiences with the managers, has paid off. In all that time in her career in the 20 years, she was constantly being called by people to say, “Hey. I have a job for you or send me your resume because I have a position that I would like to get you hired for.”
And that worked out great for her and even although she left technology four years ago and started her own business, self-employed, she’s been called every year by people that know her that say, “Hey, would you like to come work for us again?” To me, that’s an example of an amazing brand, maybe an extreme example. But it worked out really well for her and I’ve seen plenty of other people have small levels of success just with some networking and a little bit of social media and then blogging or being good at their job.
Carlos: OK, we have one more question. But before we do that, Steve, we would like to take a second for our listeners to hear about another way they can learn about SQL Server.[commercial break]
Carlos: OK, Steve. For our last question, if you could have one super hero power, what would it be and why would you want it?[laughter]
Steve: One super hero power, I think…I don’t know. I need something to heal my knees and joints right now because I’m getting older.[laughter]
Steve: I’m almost 50 and I’m struggling. So maybe healing, maybe healing is my power right now as I’m almost 50. Actually, I pulled a hamstring yesterday playing baseball, so I’m limping around today. Healing, if I could be a super healer, I think that would be what I want.
Carlos: Well, very good. Thanks again for being on the show, Steve. We do appreciate it. As always compañeros, we’ll see you on SQL trail.
Robert Verell and I chat about good security practices and the principle of least privilege. We discuss Robert’s rule to never give anyone db_owner, other groups and Robert’s home grown group to give instead of db_owner.
Robert Verell on Twitter
What to use instead of db_owner
Transcript: Principle of Least Privilege
Carlos L Chacon: Welcome to the SQL Data Partners Podcast. My name is Carlos L Chacon, your host. This is episode five.
Today, we’re talking about roles and responsibilities in the “Principle of Least Privilege,” with my guest Robert Verell. Super excited to have Robert on today. He’s been able to do some pretty interesting things in his environment. I’m glad that we’re going to be able to share that with you today.
As always, you can check out our show notes at sqldatapartners.com/podcast for today’s information, and for previous podcasts episodes. We are on iTunes, and if you like today’s episode, I invite you to give us some feedback. Rate our program, and let us know how we’re doing. If there’s something you’d like to hear about, we’d like to get that information as well.
If you feel so inclined, we invite you to subscribe to our channel so that you’re always getting the latest information, the latest podcast that we’re putting out. With that, let’s get in to it and welcome to the show.
SQL Data Partners
Carlos: Compañeros! Thanks for tuning in today.I would like to introduce our guest, Robert Verell. Robert’s a DBA for Cigna-HealthSpring, where he has worked as a senior database administrator for seven or eight years now. He’s a Microsoft certified IT professional. He hails from Nashville, Tennessee. Robert, welcome to the program.
Robert Verell: Hi, Carlos. Thank you for having me.
Carlos: So Robert, tell us what you’re doing these days and where people can connect with you.
Robert: Well, I’m speaking at SQL Saturdays. That’s always a great time. Also I’m pretty active on Twitter. This year I’ve launched my blog and you can go to that on sqlcowbell.com. That’s also my handle, if you will, on Twitter. It’s @sqlcowbell. It’s S-Q-L cowbell. So I’m real easy to find.Usually if you send me some kind of message or anything like that, I’m fairly quick to respond.
What I’m currently working on is I’m working for Cigna-HealthSpring. On the Cigna side, we’re developing an internal cloud. They’re doing database as a service on that end.
There’s a lot of challenges to that. There’s no elevated rights for anyone, so we had to figure out how to develop certain ways of doing a request. Since you don’t have elevated rights at the server level, you’re not able to create logins. So how do you do that?
You have an interface, obviously, that someone can go to and say, “I would like to have this user set up as a login in my database and give them these rights.” Basically, they pass in some sort of [inaudible 03:13] directory name, and that gets sent over to a procedure that I’ve written, and it’s set all that up for them.
Carlos: That’s one of the reasons that we wanted to have you on the show today, Robert, is that principle of least privilege. How simple server roles can help us attain that.I know in the past, you’ve given a presentation about these roles and I know that in your current position you’re working a lot with this. I thought you’d be perfect to come in and chat with us about some of the nuances or difficulties that we might have. Also, because you’ve been able to be successful, how folks can actually get over the hump and implement this.
When we talk about the principle of least privilege, I guess we’re talking about giving users only the rights that we need.
Robert: That’s correct, and Brian Kelly, if you’re familiar with him, he had a blog post back, several months ago that I read. It really hit home with me. As far as giving privileges to people on a database, if you follow the principle of least privilege, you should go all the way down to the column level. If someone does not need to be able to see certain columns in a table, then they should not have rights to it.That means going all the way down and getting granular and going that deep with it if you want to strictly follow the principle of least privilege. Now, I’m not telling anybody to go out and follow that to the letter, because I can’t even imagine trying to administrate that. [laughs]
Carlos: Yeah, that’s a…Lots of overhead there.
Robert: There is a good bit of overhead there, yes. At the same time, you want to make sure that you have a secure environment. You want to make sure that people have rights to things that they need, but not things that they don’t need. In case of any kind of malicious breach or something along those lines.If someone has access to sensitive data that they really shouldn’t or don’t really need to have access to, and their credentials were compromised. Now you’re talking about your organization having to send out apologies to millions of people, and losing money and a stock drop, and things like that. You just don’t want that on your conscience or on your permanent record, as it were.
Carlos: Sure. And I think, while there may be folks kind of gunning for that, the column-level security, ultimately what we’re talking about today is much, much higher than that. Providing at least some initial environment where you can begin to — I don’t want to say, “lock things down.” Only give users what they need to make, your environment a little bit more secure.As we’ll talk about a little bit later, potentially avoid an opportunity where you may be unable to provide services that you thought you were going to be able to provide.
Robert: That’s correct. Absolutely. If…
Carlos: So…I apologize. Let’s go ahead and jump in to some of the justification that users might request or things that our database administrators are getting requested with. Why they might default to those elevated privileges. Because that being the administrator role or in the case of the database and SQL Server database, the db_owner role. Right?One of the ones that kind of jumps out to me is creating databases. I think we’ve all been in that environment where we have a third party application that wants to install something, and it needs to create a database.
Robert: Sure. There’s a common misconception that in order to be able to create databases, that you need sysadmin rights. That’s a fallacy.If you give someone the db_creator role at the server level, then they will be able to create databases as they need to.
Carlos: Right. That’s a very good example of saying, “Well, here’s what they need to do. There is a level of functionality a little more granular that will give them that opportunity to do that.
Robert: That’s correct. Yes.
Carlos: I think another one that you point out is create logins.
Robert: Sure. In order to create logins, you don’t have to have the sysadmin rights in order to create a login on a server. If you give someone the security admin server role, then they’ll be able to do that as well.With the security admin role at the server level, there is a little bit of a loophole here and Microsoft admits this as well. It’s that if you have someone who is in the security admin role, they’re able to give someone sysadmin rights. So you could potentially set someone up with security admin and then they could turn around and just give themselves sysadmin rights.
Robert: From that perspective, I’m not going to say give that widespread, because you really shouldn’t. But if you do have to give someone that, make sure you audit. There’s something along those lines. Make sure you’re looking over that or have some sort of policy based management or alert set up that makes sure that that’s monitored. To where you can know if someone is making server side changes on roles or database roles.
Carlos: Sure. That kind of goes into then keeping up with your environment, so that you’re aware of what’s happened and changes that are going on in the system.
Carlos: One of your ideas was that we should not be giving anybody db_owner ever.
Robert: Ever, ever. I will take that to the bank. I will take anybody. Any challengers. Any and all on that. [laughs] The reason why is…The biggest thing with db_owner is you have explicit and implicit permissions.When you give someone a database role, such as db_datareader, that implies that they will be able to read any table or view. Basically run a select statement against any object in the database.
With db_owner, the implied permissions are astronomical. They’re beyond anything that anybody really has to have if they’re doing development work. The biggest implicit permission that comes with db_owner is the alter database permission.
This brings in a whole list of things that you can do that from an administrator perspective, you don’t want anybody else working on. It gives someone with the db_owner permission the ability to add data files.
Let’s say you have all of your data files are nice and neat. You have a dedicated drive for them. But the developer comes in and they run out of space for whatever reason while they’re running something at nine o’clock at night. And they decide, “Well, we need more space.”
“I know that there’s space on the C drive, so I’ll just put a new data file out on the C drive and we’ll just let it grow forever. We’ll let it grow as long as it will go.” Eventually, that will of course fill up and then you’ll have a C drive that’s full. You may have a server that goes down. [laughs]
From production to dev, that’s never a good thing, because that still halts development work even if it is a development server. Another thing that the alter database permission gives is the ability to change things like the recovery model.
Let’s say in a non-prod, but higher environment, such as a UAT. Or maybe you have an integrated testing environment where you’re wanting to test things very much like production. You have transaction log backups. You want that kind of similarity to production.
If they’re able to change that recovery model or maybe you have it in simple. OK?
Robert: And you’re not taking transaction log backups. They could to in and change that recovery model from simple to full. Now all of a sudden, two hours later, now you’ve got a full transaction log on one of your testing databases because you’re not taking transaction log backups. [laughs]
Carlos: That’s right, and the application grinds to a halt.
Robert: Sure. On the flip side of that, if they switch from full to simple, now you’re trying to take transaction log backups. Those jobs are going to fail. You’re going to lose any kind of restore chain that you potentially have, because you got to change from simple back into full. And then take a full backup before you can start taking transaction log backups.
Carlos: Yeah. This was the big one for me. I thought that idea of breaking the backup chain…That’s that example of, so it’s database administrators, right? We always think of job number one as being able to make the data available. The source of that or the core is in those backups.If a change is made there or even if a full backup were to be taken and it breaks up our backup chain. We then put ourselves in jeopardy of being unable to provide that service to our users that they’re expecting. Things can get complicated very, fairly quickly.
Robert: Absolutely. The last one, and this was always the biggest kicker for me. I know you said “the restore chain” is big for you, but the alter database permission allows a user to take a database and take it offline.The biggest thing isn’t just that. It’s that you can take it offline and then you’re not able to bring it back online, because you have to be in the sysadmin role to be able to do that.
Carlos: There you go.[laughter]
Carlos: So they’re clicking around in the GUI and oops!
Carlos: And there you go. Just between you and me, Robert, have you ever had anyone do that?
Robert: Yes, I have.[laughter]
Carlos: Ooh! Well, there you go. I guess I consider myself fortunate now that that has not happened to me.We’ve just discussed some of the reasons why we don’t want to be giving the db_owner role to our users. We have this concept of role or kind of dividing and conquering some of the permissions that are available. We’ve already talked about the db_creator role and what that means.
We’ve also discussed the security admin as well.
Those are probably the two big ones or at least that I’ve more used. Any of the other roles that you want to talk about? The default SQL Server roles that you use on a regular basis?
Robert: At the server level, there’s really only one. I’m of the opinion that a lot of the server roles are…I don’t want to call them “useless.” I can see where there would be certain times when you’d want to give that role versus giving someone sysadmin rights.But I believe they’re really specific to maybe some special environment of some sort. Like disk_admin, which allows you to manage disk space and manage data files and log files. That’s something that you would assume a DBA would do, not someone who’s going to…You would assume that your DBAs are going to have sysadmin rights.
Carlos: Sure. Yeah, potentially if maybe your [inaudible 15:31] person, maybe they didn’t have a DBA and I don’t know. The disk people wanted to get in there.
Robert: Sure. And they wanted to manage their own disk space for whatever purposes. That would be a good example, sure.
Carlos: OK. Ultimately, we talk a little bit about rolling our own and other applications that use these. Even in some of the more familiar ones, at least in my mind, within SQL Server include the role in MSDB. Right? Like database mail user role? If you create a mail profile and you want that user to be able to send mail, you grant them rights to the database mail user role. Then they can send email all day long.
Robert: Sure. Absolutely. There’s a lot of roles in MSDB. I’ll be perfectly honest. I don’t know what all of them do! [laughs]From an implicit standpoint…I don’t know what every single one of them does, but I can say that I know that one that I use pretty regularly is the operator role, the SQL agent operator role as well as the SQL agent reader role.
The reader role is a real big one, because it allows users to be able to view job history. A lot of times, developers will have automated processes. They want to see run times and things like that. And compare. That’s good. We want our developers doing that. As an administrator, you want them looking at those kind of numbers.
If you give them “view job history,” they’ll be able to view all that stuff.
The operator role is good if you have jobs that you’re wanting people to be able to execute as much as you want them to be able to. [laughs] That was kind of long winded on how I said that. Basically, if you have a team, and all you want them to do is to be able to execute jobs, then you can give them that role. And they’ll be able to execute any job on the entire server.
The reader role will allow you to do that as well, but you have to specifically own the job in order to do that.
The operator role also allows you to be able to create jobs. But if you do not have them set up with any other kind of permissions in any databases or anything like that, then they won’t be able to run any kind of TSQL. If you don’t have any proxies set up for them, then they won’t be able to run SSIS packages or anything like that.
Carlos: Compañeros, one of the things we’re trying to do is to get some information out there. I think what Robert just said was huge. Giving users the reader role to your jobs is one that I see in a lot of different places, particularly your SSIS packages and other things that might be there. There is a way to give them that privilege without giving them the keys to the kingdom.I think that that’s something will be of value to a lot of folks.
Robert: Sure. That’s good.
Carlos: It’s a right there kind of within our grasp. We just need to execute and grant that role. Another one I was going to talk about was the RS.exe role, which is both in MSDB and the Master DB. That’s for, obviously, reporting services. So for those who’re going to be creating subscriptions or publishing reports, we make sure that that role is available to them so that they can have that privilege.Most of the time I think that comes through the application when you’re adding them into recording services. But I have seen from time to time, mostly with my migrations, it doesn’t quite get set. It’s just another example of specifying roles that a user would get.
Robert: Yes, I agree, that’s actually a great example, yes.
Carlos: We’ve painted the picture, we shouldn’t be giving folks DB owner role. We’ve talked about why. Some of the other things, but now they’re saying, “Wait a second, I don’t want to be bothered every time a user needs to create a database, but maybe I don’t want to give them that DB creator role or there’s other things like they want to do traces.”Another one that haven’t talked about is viewing dynamic management views. So that if they want to be doing a little tuning or performance and you don’t want that person to be coming back to you all the time requesting these little one-off permissions.
Robert: Sure, understandable. I can certainly respect the need to want to see that kind of data. Because, as stated earlier, we want our developers to be able to go in and view those kinds of things. So that they can tune their queries and we have a good, stable, fast running, environment.When developers and DBAs get along then your end users are very happy as well and your organization is happy as a whole. As far as the DMBs…
Carlos: I think we can also do the view database state or view server state, if they wanted to give them the whole server levels.
Robert: That’s right, yes.
Carlos: Would be another way to do that.
Robert: Yes, there’s many ways to do that, that’s correct. [laughs]
Carlos: Another part that I wanted to get to was your development and putting together of these roles or some of these permissions into a script or into a role that you’ve called DB developer.
Robert: That’s correct. I’m really big on this role, it’s something that I use in my organization and our shared development environments that we have. It gives developers the ability to develop in a shared environment without having the DB owner role.There’s no risk from my perspective about having any of the things that we talked about earlier. We’re saying, “Well we don’t want to mess with any kind of restore chains” or, “We don’t want someone accidentally dropping a database” or, “We don’t want someone changing a symmetric key that we don’t want changed.” [laughs] Just as some examples.
It gives you the ability to do all those things that you want your developers to work on, which includes stuff like being able to script out objects so you can see the code behind things. There’s not a role that gives you that except for the DB owner role.
My DB developer has that permission in it, where you can still do those things.
Carlos: Robert’s been very generous with us compañeros, and he’s going to make that script available for us on his site. We’ll have the link in the podcast notes, we hope that you’ll check that out and start playing with that.Another way that we can help manage some of these permissions, and this is more from an administration perspective and I think we’ve been headed in this direction for a long, long time. That is in the using groups for permissions.
Robert: Yes. I strongly recommend using groups. It’s recommended by Microsoft to do so. Basically the way that my environment is set up is, we have groups set up for anything that we think needs to have read only access. If someone needs that access we simply take their user and we put them into that directory group.Instead of going into the server and creating a login and creating a database user and then putting them into a database role. The reason why is whenever they change roles or if they leave the organization, it’s very easy to remove them out of those permissions.
If we’re wanting to remove them by using AD groups, all we do is take them out of the active directory group, that’s very easy to do. Whereas if we create a SQL login for them, then we have to login into the server, we have to delete the user and hope they don’t have any objects in the schema.
Then we have to delete the login. [laughs] There’s a decent amount more work that goes behind that.
Carlos: That’s a great point there. We can be assured that they’re not going to own any of those objects and it’s much easier to put them in or take them out. We even use that for our DBAs, creating that group and then adding them.That way, we know who has elevated privileges on a server, based on those groups.
Robert: That’s correct. That’s also another place where principle of least privilege can really come in. Let’s just take a really easy example. Let’s say that you have a server that was manually restarted. You know for a fact that on the Windows side that in order to be able to restart a server, you have to have administrator rights.You go into the server and you say, “OK, who has admin rights?” That basically narrows your list down of, “OK, well one of these people had to have been the person who did it.”
You can apply the same thing at the SQL server level. If a table is dropped, you can say, “Well I know that these are the people in this database that have the permission to drop these tables. It has to be somebody in this list.”
Carlos: Right. Making auditing a little bit easier there.
Carlos: I think that is going to wrap up our discussion on privilege of least permission. Is there anything else that you think we should hit on before we change gears?
Robert: No I think that’s good.
Carlos: OK. Robert thanks for this discussion about roles and permissions, I think it’s been valuable. I definitely think everyone should be checking out your DB developer role. I think it will be very, very valuable. As I’m always trying to create value for folks listening, I’d like to share another way that they can learn about SQL server.[music]
Carlos: Hello there compañeros, I want to tell you about a unique training opportunity that is unlike anything you’ve encountered. As a listener of this podcast you’re entitled to a special offer. SQL Cruise is a premier training experience set in the most unlikely of places, a cruise ship.Tim and Amy Ford have created a wonderful culture on SQL Cruise. With five or six technical leads from various industry sectors, you and roughly 20 other students will talk shop in classes while at sea. While you’re in port, you can enjoy the wonderful world we live in either by yourself or with the group.
The beauty of SQL Cruise is the unique relationships you will form with other SQL cruisers. Worried about leaving your spouse? Bring them along. I did and she had a great time with the group. In fact, I have been on SQL Cruise twice and I’m looking to go a third time.
You may be wondering if this is serious training and I can assure you it is as good as any conference you will attend on land. It never crossed my mind that I could be talking about SQL server with several Microsoft MVPs on the beaches of St Johns.
I know you must have other questions so I suggest you head over to SQLCruise.com and check out the site. Once you are satisfied and you want to sign up, when you get to the question, would you be so kind to share the name of who referred you and what source material led you to us?
You enter SQL Data Partners and Tim will ensure you get $100 off the training registration. This is a great offer and I hope this $100 savings will entice you to check out the site. I did and went on the Caribbean cruise and had a great experience and I know you will too.
Maybe I’ll see you on board. So head on over to SQLCruise.com and use the code SQL Data Partners to save $100.
As we’re wrapping up here Robert, we have a couple last questions we’d like to have you share a little bit more about yourself. What’s your favorite SQL tool? It can be a paid tool, free tool, but what tool do you like and why do you use it?
Robert: That’s a really tough question. There’s a lot of tools that I use that I like. SSMS is my favorite tool.[laughter]
Robert: I’m kidding, I’ve got a better tool than that. If I had to give a really good tool to use, I would say probably Spotlight by Dell. That is probably the one that I really enjoy. It give a lot of really good data and the visualization of it, to me, is what really, really does it for me.I love other products by other organizations out there and I actually use them. I’m fortunate in my environment to have a lot of toys, as it were. In my opinion, Spotlight is something that I’m into every single day. I’m looking at stuff every day in there and evaluating things in there.
Carlos: OK. The Dell tool, that’s paid. It is interesting actually, I went to a session by Adam Machanic once and he talked about monitoring. To me, Adam Machanic is one of the people writing that knows so much about SQL server.
Robert: He’s forgotten more in the last day then I’ve learned in the last year.[laughter]
Carlos: That’s right. One of those people. He made the comment, he’s like, “Oh well, I would put a monitoring solution in all of my environments.” Interesting that, while yes, you could homegrown some of your own, that ability to have a product that is stable, is consistent along all of your environments and then be able to give you some of that history. I thought that was an interesting comment.We’d like to hear about an instance or experience that you’ve had that helps you remember why it is that you enjoy being a database administrator.
Robert: That’s really tough, do I have to limit it to one?[laughter]
Carlos: We are looking for just that one.
Robert: OK. If I had to give stories, I could mention SQL Saturdays, those are always great. Another one that I’ve done is, I’ve done a couple data center migrations and those are fantastic. You learn a lot during those, but I would say, probably one of the best DBA stories I had is something that I actually made a blogpost about.It was where I basically implemented compression earlier this year. Simply by compressing a partition in a single table, a nightly load increased by probably 20%. I was simply amazed by that. That was incredible for me, that’s the one thing that sticks out to me.
The reason why it was so big is because it was something that I had wanted to do for a long time. I had partially implemented it back six months ago, or something like that. Then two or three months ago when I got around to finishing it up and getting it completely done, the day that I got it completed, they came through. It ended up being one partition in one table that I compressed that you really did a lot of good work from it.
It was just a really good feeling to be able to implement something from an administrative side. Developers all the way down to end users saw a great benefit from it. They felt that it was a really good thing and they wanted to know where my magic wand was.
Robert: When you do things like that, it really does make you feel good and it makes you feel very proud. That’s the best I got.
Carlos: Sure, very good, very good. Any time we can add value there to the business, polish our credentials a little bit if you will. It makes us feel good. Very good. Before we get to the last question, want to remind folks if they want to connect with you via Twitter, they can do so at SQLCowbell. You have your new blog at sqlcowbell.com.For our last question Robert, if you could have one superhero power, what would it be, and why would you want it?
Robert: I’m going to go with…That’s a really tough question.[laughter]
Robert: I’m going to go with the ability to see the future.
Carlos: OK. There you go, divination, whatever that…
Robert: Yes, that’s a great word for it, yes.
Carlos: Very good, very good. Well Robert, thanks again for being on the show. I had a great time. I think the folks who are listening will be able to learn a lot.
Robert: That’s great, and Carlos, thank you for having me. It’s been a pleasure. As always, I enjoy talking with you. I’d love to be back on if you ever wanted to have me. I’m an open book. If you reach out to me on Twitter, I am more than happy to answer any questions. I’ve even answered questions to people who have written in Japanese kanji before.[laughter]
Carlos: Nice, man of many talents.
Carlos: Thanks again Robert. We’ll see if we can have you on again. Compañeros, thanks for tuning in. It’s been another great show. We’ll see you on the SQL trip.[background music]
SQL Data Partners.
For each SQL Server database installation there are several accompanying system databases that help keep SQL Server running and functional. They store information about security, what the server is doing, and how the system should process certain functions. The TempDB database doesn’t keep permanent information–in fact, each time SQL Server restarts, the TempDB database gets purged and re-built as if it is a new database. Why then should I care about the TempDB database? Well, I am glad you asked.
Lots of Hats
The TempDB database has several functions it handles; some of which include: Sorting, local and global tables, index re-organizing, hash comparisons, XML Variables, spooling, triggers, snapshot isolation, and other internal functions. In short–it is the workhorse of the environment and ALL databases on the system will interact with it at some point, so the configuration becomes very important.
Because local table variables and hash joins are stored in the TempDB database, queries that use these objects/functions have a part of their processing done in the TempDB database. When a query needs to move a process to TempDB, it creates a worktable and write data out. What happens when I have 1,000 transactions per second and all of them have a hash join? I will have a line out the door of threads waiting to be able to write to TempDB for their turn. I can potentially have GAM (Global Allocation Map) and SGAM(Secondary Global Allocation Map) contention. Also, because these processes are dependent for a transaction to process, the speed in which than can be written and read becomes important.
Providing some relief
There are two recommendations that can provide immediate to your TempDB environment. The first is to create multiple TempDB files of the same size. This will help alleviate the SGAM contention. The second is to move the TempDB data files to the fastest disks in the system and/or to the most number of spindles as possible. TempDB is the first candidate for Flash drives should the entire system not be able to take advantage of those disks.
How large should my TempDB files be? Determining the size of the TempDB files may be a bit of trial and error; however, if you have databases already on the system, one way to help make a decision is to run DBCC CHECKDB WITH ESTIMATEONLY to get the size the CHECKDB command uses.
How many TempDB Files should I have? While there are varying ideas, the one I hold to is 1 file per CPU core up to 8 files. Monitoring will help provide insight if more are needed in the future.
A re-post of a posting at b2bsol.com.
Too many organizations do not have adequate protection of their data and are susceptible to data loss. While security is important and you might think this post is about implementing policy to limit your exposure to hacking, I am talking about something much more basic than that–I am talking about database backups. A database backup is the first step in ensuring data availability and limiting exposure to corruption or human error.
What kind of backup strategy do you need? Well, what is your tolerance for data loss?
To help you answer this question, there are two components you need to consider.
RPO – Recovery Point Objective
TechTarget defines RPO as “the age of files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down as a result of a hardware, program, or communications failure.” My definition would be something like–the moment in time you want to be able to restore to. If you experience corruption or disk failure, how close do you need to get to that point in time? Defining this metric–which will vary from system to system, will give you your RPO.
RTO – Recovery Time Objective
TechTarget defines RTO as “the maximum tolerable length of time that a computer, system, network, or application can be down after a failure or disaster occurs.” My definition would be–The time needed to restore a system to usable functionality. I should note this time would include the alerting and response of your team if user intervention is required.
It would be easy to say, I want less than 1 second of data loss (RPO) and less than 5 minutes of downtime (RTO); however, don’t expect to pay TGIF prices for Ruth Chris service. Microsoft has made great strides in giving SQL Server many options for High Availability and Disaster Recovery and the ability to keep the system up ; however, none of these solutions remove the requirement to take backups. The amount of history you keep will depend on your business requirements and the costs associated with keeping that storage.
If your organization does not have the RPO and RTO points defined, it is definitely time to make it happen.