I’m pretty steamed about this challenge… The first challenge I can chalk up to me being a goofball – you got me good, Buck – my bad.  This challenge is something entirely different.  Let me state very clearly for the record – I KNOW, UNDERSTAND, and IMPLEMENT SQL Server Security with well-known best practices.  I take that very seriously.  I believe that the biggest reason for me not winning this challenge had to do with the intentionally vague requirements and not my inability to do these tasks.  The lack of info here is a bit of a hard sell for me…If security is SOOO important, then a conversation or two might be in order.  Just sayin'.

After the challenge, the judges gave us the grading script.  I absolutely dissected that thing and I must say that I disagree with some of what the "code" was grading.  The script was looking for certain names, hard-coded items and didn’t take my approach into account.  1) I used different names for roles (not specified in requirements) than the script was looking for, 2) I granted permissions to roles, not users (a SQL Server best practice), and 3) I navigated the tables from the ERD, just not as "completely" as the script was looking for.  I'll take the hit on that one and I’m pretty sure this is where Stacy got me – why she won and I, again, got second!  She granted permissions to the key ID fields AND other ancillary fields that would better constitute a "sale" in the business sense.  In trying to keep the security tight, I didn’t make all those assumptions.  I guess I should have.  I feel like I nailed this challenge except for assumptions of the business definitions.

Unlike the first challenge, I did feel like I "finished", albeit right as time expired.  I was proud of what I had done.  Of course, I would normally handle these kinds of permissions using Stored Procedures and Views – never direct access to tables – because that’s another Security best practice.  I just didn’t have time.  During the challenge, I basically concocted a script to document my work so that the judges could follow me.  I think that helped in my presentation to them and think that they are seeing something worthwhile in my ability.  I garnered kudos for using roles and they were very complimentary of my use of the AdventureWorks 2005 ERD to understand the complicated relationships necessary to solve the challenge.

It’s abundantly clear that their tactic is to give us a 'simple' task in a VERY uncomfortable way.  Well played, Buck Woody, creator of all these crazy challenges. I'm adapting and getting more comfortable with you. I need a win! I know I'll get one.  I’ve been very close two challenges in a row now and it's getting OLD!

 
