Database Reference
In-Depth Information
Asterisks
appear for each
keyed character
DBA enters
the database
password
DBA enters
the same database
password for
veriication
247
FIGURE 7-14
Assigning a database password to the Premiere Products database
After the DBA creates the database password for a database, as shown in Figure 7-15, users must enter it
correctly before they can open the database.
FIGURE 7-15
User enters database password to open the Premiere Products database
Authorizations
Using passwords is a security measure that applies to all users of a database; after users enter their passwords
successfully, they can retrieve and update all the data in the database. Frequently, the security needs for a
database are more individualized. For example, the DBA might need to let some users view and update all
data and let other users view only certain data. In this situation, the DBA uses authorization rules that spec-
ify which users have what type of access to which data in the database.
The DBA grants users specific permissions to tables, queries, and other objects in a database. A user
s
permissions specify what kind of access the user has to objects in the database. The DBA can assign permis-
sions to individual users or to groups of users. The DBA usually creates groups of users, sometimes called
workgroups; assigns the appropriate permissions to each group; and then assigns each user to the appropriate
group based on the permissions the user requires.
'
Views
Recall from Chapter 4 that a view is a snapshot of certain data in the database at a given moment in time. If a
DBMS provides a facility that allows users to have their own views of a database, this facility can be used for
security purposes. Tables or fields to which the user does not have access in his or her view effectively do not
exist for that user.
Privacy
No discussion of security is complete without at least a brief mention of privacy. Although the terms security
and privacy are often used synonymously, they are different, but related, concepts. Privacy refers to the right
of individuals to have certain information about them kept confidential. Privacy and security are related
because it is only through appropriate security measures that privacy can be ensured.
Laws and regulations dictate some privacy rules, and companies institute additional privacy rules. Varia-
tions in what information is kept confidential occur among organizations. For example, salaries at govern-
mental and many service organizations are public information, but salaries at many private enterprises are
kept confidential.
