Database Reference
In-Depth Information
•
Access privileges must be revoked immediately for people who leave the
organization.
•
Access privileges must be granted to new employees. This may take the form
of a preliminary set of privileges as soon as an employee joins the organization
and upgraded privileges soon after the initial orientation and training.
•
When staff members move from one region to another or from one division to
another, their responsibilities change. Consequently, their access privileges
must be revised.
•
When employees get promoted to greater responsibilities, their need to access
information also changes. Their access privileges need revisions.
•
User groups or departments pick up additional responsibilities or shed some
current responsibilities. If group authorizations are in place, these will need
upgrades or downgrades.
•
For organizations using mandatory access controls, database objects may be
reclassified because of the changes in the sensitivity of the data content of these
objects. In these cases, the security clearances of users may need to be revised.
In large organizations where there are numerous staff movements, security
administration takes up substantial time. Special security administrators are
employed in such organizations to keep the security authorizations current.
The following is a list of the types of routine security functions in a database envi-
ronment after deployment:
•
Create new user accounts and assign passwords to new eligible employees.
•
Grant fresh set of access privileges to new eligible employees.
•
Upgrade or downgrade access privileges to existing employees.
•
Create, revise, or drop user groups or roles.
•
Create views for the purpose of tailoring access privileges to specific users or
user groups.
•
Deactivate user accounts of terminated employees.
•
Revoke access privileges of terminated employees.
•
Drop views that are no longer needed for security and other purposes.
•
Revise security classes for database objects and security clearances for users if
your organization uses mandatory access control.
Space Management
If you are a DBA, every morning you will be monitoring the space utilization of
your production database files. You cannot let any production files get completely
filled up and stop any transaction from completing for want of space in the middle
of the day. Space management is a continuous activity for the DBA.
Some authorized users are also allowed to create test database tables and a few
temporary, private tables. Frequently, these tables are not dropped even long after
their purposes are served. Review of such obsolete tables and removing them also
forms part of routine maintenance.
Here are the routine activities relating to space management:
Search WWH ::
Custom Search