Databases Reference
In-Depth Information
of running overnight
ETL
jobs, your NoSQL database might use MapReduce pro-
cesses to extract nightly data feeds on new and updated data. Document stores can
run reports using XQuery or another query language. Graph stores can use
SPARQL
or graph query reporting tools that extract new operational data and load it into a
central staging area that's then loaded into
OLAP
cube structures. Though these archi-
tectural changes might not be available to all organizations, they show that the needs
of specialized data stores for specific performance and scale-out can still be integrated
into an overall enterprise architecture that satisfies both security and ad hoc reporting
requirements.
Now that we've looked at ways to keep security at the application level, we'll sum-
marize the benefits of each approach.
11.1.3
Summary of application versus database-layer security benefits
Each organization that builds a database can choose to put security at either the appli-
cation or the database level. But like everything else, there are benefits and trade-offs
that should be considered. As you review your organization's requirements, you'll be
able to determine which method and benefits are the best fit.
Benefits of application-level security:
Faster database performance
—Your database doesn't have to slow down to check
whether a user has permission on a data collection or an item.
Lower disk usage
—Your database doesn't have to store access-control lists or visi-
bility rules within the database. In most cases, the disk space used by access con-
trol lists is negligible. There are some databases that store access within each
key, and for these systems, the space used for storing security information must
be taken into account.
Additional control using restricted
API
s
—Your database might not be configured to
support multiple types of ad hoc reports that consume your
CPU
resources.
Although NoSQL systems leverage many
CPU
s, you still might want to limit
reports that users can execute. By restricting access to reporting tools for some
roles, these users can only run reports that you provide within an application.
Benefits of database-level security:
Consistency of security policy
—You don't have to put individualized security poli-
cies within each application and limit the ability of ad hoc reporting tools.
Ability to perform ad hoc reporting
—Often users don't know exactly what types of
information they need. They create initial reports that show them only enough
information to know they need to dig deeper. Putting security within the data-
base allows users to perform their own ad hoc reporting and doesn't require
your application to limit the number of reports that users can run.
Centralized audit
—Organizations that run in heavily regulated industries such as
health care need centralized audit. For these organizations, database-level secu-
rity might be the only option.
