Using Granular Access Control - Implementing Database Security and Auditing

Databases Reference

In-Depth Information

information sources, a new category of products has emerged in the past

few years. These products manage repositories of users and their profiles

and implement security policies for authenticating and authorizing access

based on identifying users and mapping them to static or dynamic roles.

These tools allow you to manage a complex entitlement model that spans

multiple applications and sources. Perhaps the most well-known issue that

is handled by these tools is that of single sign-on (SSO). A good SSO envi-

ronment means that once users have authenticated with the system once,

they will not be asked to authenticate again even when they traverse appli-

cation boundaries. A bad SSO implementation (or no SSO implementa-

tion) will constantly ask users for a username and a password, every time

they access a separate application. This, together with the fact that complex

enterprise environments may include tens or hundreds of applications that

users may need to access, is the reason why security and identity manage-

ment tools have been highly successful in the past few years and why a new

category of products has emerged. The main functions supported by secu-

rity and identity management tools are the following:

Support for heterogeneous environments and servers within a single

and consistent security model

Ability to manage virtually any resource, including applications and

databases

Central management of security information

Central management of user profiles

Configurable session management (e.g., session timeouts)

Full support for user provisioning

Definition of security and access control rules based on users, roles,

dynamic roles, and even through rules that match data in a user con-

text with conditions that determine whether the user should have

access to a particular resource

Support for personalized Web and portal content using a consistent

rule set regardless of the underlying provider

Policies and personalization based on IP addresses

Enhanced security attributes

Multigrained security (i.e., the ability to define fine-grained access

control on some resources and coarse-grained access at the same time)

Search WWH ::

Custom Search

Home