SQL Server Standards

Database Object Names

Names of all database objects, except columns, are prefixed with a lower case identifier as shown in the table below.

Each word in an object's name is capitalized and separated by an underscore. However, an underscore is not required between the prefix and the first word.

Matriculation_Date is more readable than matriculationdate.
Both tblAward and tbl_Award are acceptable.

Prepositions, conjunctions, and articles are used sparingly in column names.

Student_Count is less verbose than Count_Of_Students.

Column names are descriptive, and abbreviations avoided wherever possible.

School_City is more descriptive than City.

Column names are consistent throughout the database.

If a column is named Course_ID in one table, it is not named Section_ID in another.

Stored procedures begin with the identifier "usp" (user-defined stored procedure) to differentiate them from Microsoft's system stored procedures. This is also more efficient because when SQL Server encounters a procedure beginning with sp_, it first tries to locate it in the master database first.

Tables, views, and stored procedures are always fully qualified to ensure SQL Server follows a direct path to find it rather than searching through the master catalog.

Object Type	Prefix	Example
Tables	tbl + TableName tlkp + LookupTableName	tblCourse_Meeting tlkpMajor
Views	v + TableName v + TableName + __ + JoinTableName v + FunctionalName	vCatalog vFaculty__Courses vSubjects_By_Term
Stored Procedures	usp + Action + __ + Object	uspFind_Student_Name uspUpdate_Account
Constraints:
Primary Keys	pk + TableName	pkCourse_Meeting
Foreign Keys	fk + ForeignKey + __ + RefTableName	fkPub_ID__Publishers
Defaults	df + TableName + __ + ColumnName	dfAttendance__Event_Date
Index	ix + TableName + __ + ColumnName	ixStudent__Student_ID

Development Standards

All tables are in, at least, third normal form. Exceptions include tables used exclusively for reporting or as data collection stores.

For every table defined, at least one view is required. As many other views may be defined as are necessary. Application software refers to views instead of the tables themselves. This insulates the application from changes that are made to the underlying tables.

All tables, with the possible exception of very small ones with limited growth potential, include a primary key to guarantee uniqueness and enhance performance.

Keys composing the primary index must be consecutive and exist at the beginning of the row.

Referential integrity is maintained through the use of foreign keys. (A foreign key is one or more columns of a table whose values must be equal to a primary key or unique constraint in another table.) However, the use of foreign keys to enforce RDI is balanced with the corresponding performance overhead.

Datatypes must be appropriate to contents of column. UNICODE characters, nchar and nvarchar, are not allowed unless required for a specific reason.

Basic data validation is performed at the data level. That is, columns are defined with the correct size, datatype, and other characteristics. This is much safer than relying on programmatic constraints.

Table columns used in frequent search operations are indexed to improve efficiency. The DBA determines and defines the type of index required (i.e., unique, non-unqiue, cluster, non-clustered).

Tables are joined using the "JOIN" syntax. The older, less precise method using the "*-" or "-*" notation are no longer acceptable, as support for it will eventually be dropped.

Every attempt must be made to use stored procedures rather than dynamic SQL statements in Web and application development. Stored procedures are already compile, whereas dynamic SQL must be compiled every time it is run.

Tables with the potential for unlimited growth include a plan for purging and/or archiving before moving to production status.

Permissions

The owner of all database objects must be 'dbo'. To insure proper ownership preface object names with "dbo" when they are created, as in these examples:

Tables: CREATE TABLE [dbo].[tblTableName]
Views : CREATE VIEW [dbo].[vViewName]
Stored Procedures: CREATE PROCEDURE [dbo].[uspProcName]

Permissions are not granted directly on tables but on views and stored procedures instead. If a table is deleted in order to make structural changes, permissions are lost. However, permissions granted on views and procedures remain intact.

Permissions are not granted to individual login accounts but on roles. Therefore, individual users always belong to a role that defines the function they perform within SQL Server. This preserves permissions when users' roles within the organization change.

Security

Trusted security (i.e., Windows NT security) is used whenever possible in SQL Server 7.0 and beyond. Exceptions are the remaining generic accounts and accounts used by programs and the Web.

Individual logins are not granted permissions to objects; instead, individuals are assigned to roles which have the necessary permissions granted.

Personal login accounts are never placed in program code. If a program required SQL Server access, request a separate account.

Administration

The database administrator (DBA) defines and manages all objects in the production environment.

Developers request moves to production at least a week before they are due.

Database objects are moved to production status after being reviewed for adherence to the above standards.

Modifications are made and tested on the test server before they are migrated to production.

The test database server is not used for production applications.