users access only to that subset of data they require to perform their jobs.
For example, a view of the EMPLOYEE table could be created and granted
to managers so that only the records of employees in the manager's depart-
ment can be accessed.
In the planning and design stages, the privileges to objects should be
defined for all users. To facilitate this process, common database privileges
can be grouped into roles, usually on the basis of shared job function.
Using roles eliminates the need to create and maintain individual privileges
for each user. In building applications, therefore, systems developers
should create the previously identified roles, grant privileges to these roles,
and assign the roles to users who share related job duties.
As a final step, audit controls should be put into place. It is important to
audit only those areas essential for ensuring system security. Audit options
should be carefully selected to avoid performing superfluous audits that
might degrade system performance and to ensure that audit reports are as
concise as possible.
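The three steps above (a view that limits managers to their own department, privileges grouped into a role, and a narrowly scoped audit) are shown together below as an added example; it is not code from the original article. The EMPLOYEE and DEPARTMENT tables, the logins alice, bob and carol, and the column names are constructed for illustration, and the dialect is PostgreSQL (roles, `security_barrier` views and PL/pgSQL triggers), since standard SQL has no audit statement.

```sql
-- Constructed schema for the example (not from the original article).
CREATE TABLE department (
    dept_id       INTEGER PRIMARY KEY,
    dept_name     TEXT NOT NULL,
    manager_login TEXT NOT NULL          -- database login of the department's manager
);

CREATE TABLE employee (
    emp_id   INTEGER PRIMARY KEY,
    emp_name TEXT NOT NULL,
    dept_id  INTEGER NOT NULL REFERENCES department(dept_id),
    salary   NUMERIC(10,2) NOT NULL
);

-- Step 1: restrict data through a view. The row filter uses the caller's login
-- (CURRENT_USER), so one view serves every manager without per-user copies.
-- security_barrier keeps user-supplied functions in a query from being
-- evaluated before the WHERE filter, which could otherwise leak filtered rows.
CREATE VIEW dept_employee WITH (security_barrier = true) AS
SELECT e.emp_id, e.emp_name, e.dept_id, e.salary
FROM   employee e
JOIN   department d ON d.dept_id = e.dept_id
WHERE  d.manager_login = CURRENT_USER;

-- Step 2: group privileges into a role by job function, then assign the role
-- to users. Nobody is granted direct access to the base table; the view is
-- the only path to employee rows.
REVOKE ALL ON employee FROM PUBLIC;
CREATE ROLE manager NOLOGIN;
GRANT SELECT ON dept_employee TO manager;

CREATE ROLE alice LOGIN;              -- a manager; login matches department.manager_login
CREATE ROLE bob LOGIN;                -- not a manager, no role granted
GRANT manager TO alice;

-- Constructed sample data.
INSERT INTO department VALUES (10, 'Engineering', 'alice'), (20, 'Sales', 'carol');
INSERT INTO employee   VALUES (1, 'Dave', 10, 90000), (2, 'Erin', 20, 70000);

-- Check the design from each user's point of view.
SET ROLE alice;
SELECT emp_name FROM dept_employee;   -- filtered to alice's department
SELECT emp_name FROM employee;        -- direct table access, should be refused
RESET ROLE;
SET ROLE bob;
SELECT emp_name FROM dept_employee;   -- bob holds no role with rights on the view
RESET ROLE;

-- Step 3: audit narrowly. Only changes to salary are recorded, not every read
-- of the table, so the trail stays small and the overhead stays low.
CREATE TABLE salary_audit (
    changed_at TIMESTAMP     NOT NULL DEFAULT CURRENT_TIMESTAMP,
    changed_by TEXT          NOT NULL,
    emp_id     INTEGER       NOT NULL,
    old_salary NUMERIC(10,2),
    new_salary NUMERIC(10,2)
);

CREATE FUNCTION log_salary_change() RETURNS trigger AS $$
BEGIN
    INSERT INTO salary_audit (changed_by, emp_id, old_salary, new_salary)
    VALUES (CURRENT_USER, NEW.emp_id, OLD.salary, NEW.salary);
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

-- The WHEN clause skips updates that leave salary unchanged, so the audit
-- table records only the events that matter to the security policy.
CREATE TRIGGER trg_salary_audit
AFTER UPDATE OF salary ON employee
FOR EACH ROW
WHEN (OLD.salary IS DISTINCT FROM NEW.salary)
EXECUTE FUNCTION log_salary_change();
```

Run as the schema owner, the checks behave as the article prescribes: alice's query against the view returns only the Engineering row, her query against EMPLOYEE and bob's query against the view are both refused with a permission error, and an UPDATE that changes a salary adds exactly one row to SALARY_AUDIT. Two caveats a practitioner should keep in mind: a view runs with its owner's privileges, so the owner must be a trusted administrative account, and because the filter depends on CURRENT_USER, application connection pooling that shares one database login across many end users defeats the row restriction.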
CONCLUSION
Security administration should be well supported by a relational database
product. The mechanisms used to manage users and database privileges
and the availability of roles and of other enhanced features should provide
sufficient flexibility to implement the organization's security policies.
Because today's computing environment changes rapidly, it is also
important for a product to be able to evolve to take advantage of emerging
technologies. The security challenges posed by recent developments in
client-server computing and distributed databases only dramatize the
need for database systems that can adapt to the computing environment
of the future.