SQL Server's Declarative Management Framework (DMF) allows you to proactively regulate the configuration and operation of your SQL Server databases. You may declare security and best practice policies and then apply them to your database server.
Before we begin our discussion of DMF, it's important that you understand the basic language used with this technology:
- DMF Targets are the entities that you may apply policies to in DMF. They may be as broad as an entire SQL Server installation or as granular as a table or user.
- Management Facets are collections of properties within a target that you might manage. Examples of management facets include servers, stored procedures, logins and filegroups.
- Conditions are the clauses that you may use to create DMF policies on a management facet. Examples of conditions are usernames, account creation dates and password complexity policies.
- Execution Modes are responses that you would like SQL Server to take when a policy is violated. You may prevent changes that violate policies from occurring or simply create a log entry to alert administrators to the violation.
- Policies are combinations of conditions you declare against a target and the execution modes you want to occur if the policy is violated.
One of the most common uses of DMF in a SQL Server environment is to require that users comply with an organization's password expiration policy. Suppose you have a SQL Server instance named SensitiveServer that you want to comply with this policy. In this case, SensitiveServer is the DMF target. Within that target, you wish to create a policy governing user accounts, so you will use the Logins management facet. Specifically, you wish to create a condition that ensures the @PasswordExpirationEnabled field is set to True.
Creating a DMF Policy
So, how do you go about creating this DMF policy within SQL Server 2008? There are a few simple steps to follow. Click on the links for each step to explore the process in more detail:
- Create the DMF Condition
- Create the DMF Policy
- Choose the DMF Execution Mode