{"id":2071,"date":"2019-08-22T17:22:21","date_gmt":"2019-08-22T17:22:21","guid":{"rendered":"https:\/\/www.tiagoneves.net\/blog\/?p=2071"},"modified":"2019-08-22T17:22:28","modified_gmt":"2019-08-22T17:22:28","slug":"o-perigo-da-server-role-securityadmin","status":"publish","type":"post","link":"https:\/\/www.tiagoneves.net\/blog\/o-perigo-da-server-role-securityadmin\/","title":{"rendered":"O perigo da Server Role Securityadmin"},"content":{"rendered":"\n<p>Ol\u00e1 pessoal tudo certo?<\/p>\n\n\n\n<p>No \u00faltimo post eu falei sobre as <strong>\u201cserver roles\u201d<\/strong> e <strong>\u201cdatabase\nroles\u201d<\/strong> e a import\u00e2ncia de conhecer os n\u00edveis de permiss\u00e3o e acesso de cada\numa delas. <\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-tiago-neves-dba-sql-server\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"A730iLHnkY\"><a href=\"https:\/\/www.tiagoneves.net\/blog\/conhecendo-as-server-roles-e-database-roles-do-sql-server\/\">Conhecendo as Server Roles e Database Roles do SQL Server<\/a><\/blockquote><iframe loading=\"lazy\" title=\"&#8220;Conhecendo as Server Roles e Database Roles do SQL Server&#8221; &#8212; Tiago Neves - DBA SQL Server\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" src=\"https:\/\/www.tiagoneves.net\/blog\/conhecendo-as-server-roles-e-database-roles-do-sql-server\/embed\/#?secret=A730iLHnkY\" data-secret=\"A730iLHnkY\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>No post, quando eu falei sobre a server role <strong>securityadmin<\/strong>, eu falei que devemos ter muito cuidado ao conceder acesso nessa role, pois um membro dessa role pode conceder acesso para ele mesmo virar <strong>sysadmin<\/strong>. <\/p>\n\n\n\n<p><strong>Mas como assim Tiago? T\u00e1 loko??? <\/strong><\/p>\n\n\n\n<p>Os membros da role <strong>securityadmin<\/strong> tem a permiss\u00e3o de conceder permiss\u00f5es a n\u00edvel de servidor como GRANT, DENY e REVOKE, como podemos ver na imagem abaixo:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>EXEC sp_srvrolepermission 'securityadmin'<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"334\" height=\"328\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-20.png?resize=334%2C328&#038;ssl=1\" alt=\"\" class=\"wp-image-2072\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-20.png?w=334&amp;ssl=1 334w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-20.png?resize=300%2C295&amp;ssl=1 300w\" sizes=\"auto, (max-width: 334px) 100vw, 334px\" \/><\/figure><\/div>\n\n\n\n<p>Justamente por essa permiss\u00e3o de adicionar outros usu\u00e1rios na role securityadmin e conceder GRANT, \u00e9 nesse ponto onde mora o perigo. Se um membro da role conceder a permiss\u00e3o de <strong>GRANT IMPERSONATE<\/strong> a um usu\u00e1rio, ele pode simplesmente se adicionar na role sysadmin. <\/p>\n\n\n\n<p>Veja como:<\/p>\n\n\n\n<p>Vou criar um usu\u00e1rio chamado <strong>tiago.neves<\/strong> na instancia e conceder acesso a role <strong>securityadmin<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>USE [master]\nGO\nCREATE LOGIN [tiago.neves] WITH PASSWORD=N'123', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF\nGO\nALTER SERVER ROLE [securityadmin] ADD MEMBER [tiago.neves]\nGO<\/code><\/pre>\n\n\n\n<p>Vou logar na inst\u00e2ncia com o usu\u00e1rio &#8220;tiago.neves&#8221;, que acabei de criar.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"303\" height=\"190\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-21.png?resize=303%2C190&#038;ssl=1\" alt=\"\" class=\"wp-image-2073\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-21.png?w=303&amp;ssl=1 303w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-21.png?resize=300%2C188&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-21.png?resize=200%2C125&amp;ssl=1 200w\" sizes=\"auto, (max-width: 303px) 100vw, 303px\" \/><\/figure><\/div>\n\n\n\n<p>Apenas para validar o n\u00edvel de acesso do usu\u00e1rio:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT\n    SUSER_NAME() AS [SUSER_NAME],\n    ORIGINAL_LOGIN() AS [ORIGINAL_LOGIN],\n    IS_SRVROLEMEMBER('sysadmin') AS [IS_SYSADMIN],\n    IS_SRVROLEMEMBER('securityadmin') AS [IS_SECURITYADMIN]<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"446\" height=\"46\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-22.png?resize=446%2C46&#038;ssl=1\" alt=\"\" class=\"wp-image-2074\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-22.png?w=446&amp;ssl=1 446w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-22.png?resize=300%2C31&amp;ssl=1 300w\" sizes=\"auto, (max-width: 446px) 100vw, 446px\" \/><\/figure>\n\n\n\n<p>Agora come\u00e7a a brincadeira, vou dar um <strong>GRANT IMPERSONATE<\/strong> ao meu pr\u00f3prio usu\u00e1rio. Veja o perigo do GRANT IMPERSONATE.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>GRANT IMPERSONATE ANY LOGIN TO [tiago.neves]<\/code><\/pre>\n\n\n\n<p>Com a permiss\u00e3o concedida, sabendo que todo servidor tem um usu\u00e1rio SA, posso executar alguns comandos como SA ou at\u00e9 mesmo me adiconar na role <strong>sysadmin<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>EXECUTE AS LOGIN = 'sa'\n\nSELECT\n    SUSER_NAME() AS [SUSER_NAME],\n    ORIGINAL_LOGIN() AS [ORIGINAL_LOGIN],\n    IS_SRVROLEMEMBER('sysadmin') AS [IS_SYSADMIN],\n    IS_SRVROLEMEMBER('securityadmin') AS [IS_SECURITYADMIN]<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"449\" height=\"48\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-23.png?resize=449%2C48&#038;ssl=1\" alt=\"\" class=\"wp-image-2075\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-23.png?w=449&amp;ssl=1 449w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-23.png?resize=300%2C32&amp;ssl=1 300w\" sizes=\"auto, (max-width: 449px) 100vw, 449px\" \/><\/figure>\n\n\n\n<p>Agora estou com permiss\u00e3o de <strong>sysadmin<\/strong> e posso fazer\nqualquer a\u00e7\u00e3o no banco, como acessar qualquer base de dados ou tabela, alterar,\ncriar, deletar, destruir, fazer o que eu quiser com o usu\u00e1rio \u201ctiago.neves\u201d.<\/p>\n\n\n\n<p>Esse \u00e9 um dos motivos que \u00e9 recomendado a <strong>DESATIVAR<\/strong> o usu\u00e1rio SA.<\/p>\n\n\n\n<p>Vejamos o exemplo. <\/p>\n\n\n\n<p>Abri uma nova sess\u00e3o no banco com o usu\u00e1rio \u201ctiago.neves\u201d.<\/p>\n\n\n\n<p>Ao tentar conectar no banco \u201c<strong>Teste<\/strong>\u201d, vou receber um erro informando que n\u00e3o tenho acesso ao banco.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"65\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-25.png?resize=624%2C65&#038;ssl=1\" alt=\"\" class=\"wp-image-2077\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-25.png?w=624&amp;ssl=1 624w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-25.png?resize=300%2C31&amp;ssl=1 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure><\/div>\n\n\n\n<p>Mas como eu tenho a permiss\u00e3o de \u201c<strong>IMPERSONATE<\/strong>\u201d, posso executar o comando \u201c<strong>EXECUTE AS<\/strong>\u201d.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>EXECUTE AS LOGIN = 'sa'<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"449\" height=\"48\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-26.png?resize=449%2C48&#038;ssl=1\" alt=\"\" class=\"wp-image-2078\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-26.png?w=449&amp;ssl=1 449w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-26.png?resize=300%2C32&amp;ssl=1 300w\" sizes=\"auto, (max-width: 449px) 100vw, 449px\" \/><\/figure><\/div>\n\n\n\n<p>Apesar de estar logado no servidor com o usu\u00e1rio \u201ctiago.neves\u201d, agora estou com a sess\u00e3o como SA. Como podemos observar, antes eu n\u00e3o tinha acesso no banco de dados \u201cTeste\u201d, mas agora eu consigo logar na base de dados e executar comandos normalmente.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"460\" height=\"193\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-27.png?resize=460%2C193&#038;ssl=1\" alt=\"\" class=\"wp-image-2079\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-27.png?w=460&amp;ssl=1 460w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-27.png?resize=300%2C126&amp;ssl=1 300w\" sizes=\"auto, (max-width: 460px) 100vw, 460px\" \/><\/figure><\/div>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT *\nFROM teste<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"212\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-28.png?resize=624%2C212&#038;ssl=1\" alt=\"\" class=\"wp-image-2080\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-28.png?w=624&amp;ssl=1 624w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-28.png?resize=300%2C102&amp;ssl=1 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure><\/div>\n\n\n\n<pre class=\"wp-block-code\"><code>INSERT INTO Teste VALUES (2)\nINSERT INTO Teste VALUES (3)\nINSERT INTO Teste VALUES (4)\nINSERT INTO Teste VALUES (5)<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"123\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-29.png?resize=624%2C123&#038;ssl=1\" alt=\"\" class=\"wp-image-2081\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-29.png?w=624&amp;ssl=1 624w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-29.png?resize=300%2C59&amp;ssl=1 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>UPDATE Teste\nSET COL1 = 0\nWHERE COL1 = 4;<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"123\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-30.png?resize=624%2C123&#038;ssl=1\" alt=\"\" class=\"wp-image-2082\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-30.png?w=624&amp;ssl=1 624w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-30.png?resize=300%2C59&amp;ssl=1 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure><\/div>\n\n\n\n<pre class=\"wp-block-code\"><code>DELETE Teste\nWHERE COL1 = 3;<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"97\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-31.png?resize=624%2C97&#038;ssl=1\" alt=\"\" class=\"wp-image-2083\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-31.png?w=624&amp;ssl=1 624w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-31.png?resize=300%2C47&amp;ssl=1 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure><\/div>\n\n\n\n<p>Para amenizar a situa\u00e7\u00e3o podemos criar uma auditoria para\nlogar os comandos executados na base, pois assim seria poss\u00edvel saber o usu\u00e1rio\nque executou os comandos, mesmo ele n\u00e3o tendo acesso na base de dados.<\/p>\n\n\n\n<p>Na base de dados \u201cTeste\u201d eu configurei uma auditoria que vai\nlogar todas as instru\u00e7\u00f5es SELECT, UPDATE, INSERT e DELETE. <\/p>\n\n\n\n<p>Como podemos ver, foram executas as instru\u00e7\u00f5es SELECT, INSERT, UPDATE e DELETE. Vamos conferir na auditoria quem apagou os dados ou quem alterou e inseriu os dados.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT event_time,action_id,server_principal_name,statement,* \nFROM Sys.fn_get_audit_file('D:\\XEvent\\*.sqlaudit',default,default)<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"136\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-32.png?resize=624%2C136&#038;ssl=1\" alt=\"\" class=\"wp-image-2084\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-32.png?w=624&amp;ssl=1 624w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-32.png?resize=300%2C65&amp;ssl=1 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure><\/div>\n\n\n\n<p>Se n\u00e3o tiv\u00e9ssemos a auditoria habilitada na base de dados\nseria imposs\u00edvel descobrir qual usu\u00e1rio realizou todas as altera\u00e7\u00f5es.<\/p>\n\n\n\n<p>A consulta abaixo retorna os usu\u00e1rios que possuem o acesso ao \u201cGRANT IMPERSONATE\u201d.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT B.name Usuario\nFROM sys.server_permissions a\nJOIN sys.server_principals b ON a.grantee_principal_id = b.principal_id\nWHERE permission_name = 'IMPERSONATE ANY LOGIN'<\/code><\/pre>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"460\" height=\"182\" src=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-33.png?resize=460%2C182&#038;ssl=1\" alt=\"\" class=\"wp-image-2085\" srcset=\"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-33.png?w=460&amp;ssl=1 460w, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/image-33.png?resize=300%2C119&amp;ssl=1 300w\" sizes=\"auto, (max-width: 460px) 100vw, 460px\" \/><\/figure><\/div>\n\n\n\n<p>Seguran\u00e7a \u00e9 um assunto MUITOO s\u00e9rio e devemos ficar atentos\na todos os detalhes. Pelo incr\u00edvel que pare\u00e7a, \u00e9 muito comum encontrar ambientes\ncom usu\u00e1rios sendo membros da role securityadmin sem ser necess\u00e1rio.<\/p>\n\n\n\n<p>Bom pessoal, por hoje \u00e9 isso.<\/p>\n\n\n\n<p>At\u00e9 o pr\u00f3ximo post.<\/p>\n\n\n\n<p>Abra\u00e7os,<\/p>\n\n\n\n<p>Tiago Neves<\/p>\n\n\n\n<p>Curta a minha p\u00e1gina no&nbsp;<a href=\"https:\/\/www.facebook.com\/TiagoNevesDBA\" target=\"_blank\" rel=\"noreferrer noopener\">facebook&nbsp;<\/a>e fique por dentro das novidades do mundo SQL\nServer.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ol\u00e1 pessoal tudo certo? No \u00faltimo post eu falei sobre as \u201cserver roles\u201d e \u201cdatabase roles\u201d e a import\u00e2ncia de conhecer os n\u00edveis de permiss\u00e3o e acesso de cada uma delas. No post, quando eu falei sobre a server role securityadmin, eu falei que devemos ter muito cuidado ao conceder acesso nessa role, pois um [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2065,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"twitter_91251433_91251433":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Seguran\u00e7a \u00e9 assunto s\u00e9rio hoje em dia, mas \u00e9 muito comum ver pessoas negligenciando os acessos, nesse post demonstro o perigo e o poder dos membros da Server Role securityadmin. ","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[277,220,16,26],"tags":[259,261,281,282,65,66,280],"class_list":["post-2071","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-seguranca","category-sql-server-2017","category-sqlserver-2014","category-sqlserver-2016","tag-dbaremoto","tag-dbavitoria","tag-grant","tag-impersonate","tag-seguranca","tag-server-roles","tag-sysadmin"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2019\/08\/images.png?fit=248%2C203&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6eIyh-xp","jetpack-related-posts":[{"id":2414,"url":"https:\/\/www.tiagoneves.net\/blog\/sql-server-2016-esta-chegando-ao-fim-do-suporte-o-que-isso-significa-na-pratica\/","url_meta":{"origin":2071,"position":0},"title":"SQL Server 2016 est\u00e1 chegando ao fim do suporte: o que isso significa na pr\u00e1tica?","author":"tiagoneves","date":"27 de abril de 2026","format":false,"excerpt":"O SQL Server 2016 ter\u00e1 seu suporte estendido encerrado em 14 de julho de 2026, o que resultar\u00e1 na falta de atualiza\u00e7\u00f5es de seguran\u00e7a e suporte. Continuar usando essa vers\u00e3o traz riscos como vulnerabilidades e n\u00e3o conformidade regulat\u00f3ria. Planejar a migra\u00e7\u00e3o para vers\u00f5es mais recentes ou cloud deve ser prioridade\u2026","rel":"","context":"Em &quot;Seguran\u00e7a&quot;","block_context":{"text":"Seguran\u00e7a","link":"https:\/\/www.tiagoneves.net\/blog\/category\/seguranca\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2026\/04\/sql_server_2016_eos_v3.png?fit=772%2C702&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2026\/04\/sql_server_2016_eos_v3.png?fit=772%2C702&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2026\/04\/sql_server_2016_eos_v3.png?fit=772%2C702&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.tiagoneves.net\/blog\/wp-content\/uploads\/2026\/04\/sql_server_2016_eos_v3.png?fit=772%2C702&ssl=1&resize=700%2C400 2x"},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/posts\/2071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/comments?post=2071"}],"version-history":[{"count":2,"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/posts\/2071\/revisions"}],"predecessor-version":[{"id":2087,"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/posts\/2071\/revisions\/2087"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/media\/2065"}],"wp:attachment":[{"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/media?parent=2071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/categories?post=2071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tiagoneves.net\/blog\/wp-json\/wp\/v2\/tags?post=2071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}