Access control is a fundamental aspect of securing a database system, especially when storing high-value data. However, navigating the robust permission systems in SQL Server and Azure SQL can challenge even experienced DBAs. In this session, Andreas Wolter - former Program Manager for security in SQL at Microsoft - will explore the authorization capabilities of SQL Server and Azure SQL, explain the value of industry best practices such as “Role separation” and “Principle of Least Privilege”, and share insights from his many years working directly with customers. You will see live demos of security controls and learn why proper schema design for security helps keep data secure and at the same time manageable.