
Chapter 11: Users and Security

Overview

It's a fact of life that although storing and managing information is vital to the success of any business, having it fall into the wrong hands can bring a business down. As a result, database administrators have to be familiar with some complex security systems in order to protect a company's data.

The purpose of a database security system is to protect the stored information. There are various factors that you want to protect your data from; not only do you need to guard your database against attacks from outside the organization, but most of the time it's also vital to fine-tune access to sensitive database areas for employees inside the company (an obvious example would be locking access to personnel information so that only certain people can access salary details).

Security is a broad and complex subject. This chapter doesn't teach security theory; instead, you'll quickly look at the SQL commands and some database-specific commands that allow database administrators to configure their server's security. We'll present just enough so that you, the SQL programmer, will understand the basics of implementing security on database servers. If you're serious about learning more about security, you'll need to read a specialized book that's relevant to the database system with which you're working.

When implementing a security system, there are two fundamental concepts you need to understand:

  • Authentication is the part that deals with uniquely identifying users. This is usually done by checking user ID and password combinations, but other methods such as fingerprint scanning are becoming increasingly popular.

  • Authorization takes care of the permissions an authenticated user has inside the database (what the user is allowed to do with his or her account). So, even if you log in to the database (you authenticate yourself), you may not be authorized to view or modify certain tables or other database objects.
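The two concepts can be seen side by side in the following added example, which is not part of the original chapter. It uses MySQL syntax and applies the salary scenario mentioned earlier; the `hr` database, the `employees` table, the account names, and the password placeholders are all hypothetical.

```sql
-- Added example (MySQL syntax). All object and account names are hypothetical.
CREATE DATABASE IF NOT EXISTS hr;
CREATE TABLE IF NOT EXISTS hr.employees (
    employee_id INT PRIMARY KEY,
    full_name   VARCHAR(100)  NOT NULL,
    department  VARCHAR(50)   NOT NULL,
    salary      DECIMAL(10,2) NOT NULL
);

-- Authentication: each account is an identity plus a credential.
-- The passwords are placeholders; substitute real secrets.
CREATE USER 'front_desk'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD_1';
CREATE USER 'payroll'@'localhost'    IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD_2';

-- Authorization: a new account can log in but has no privileges on hr
-- until they are granted. front_desk gets a column-level grant that
-- leaves out salary; payroll gets the whole table.
GRANT SELECT (employee_id, full_name, department)
    ON hr.employees TO 'front_desk'@'localhost';
GRANT SELECT, UPDATE
    ON hr.employees TO 'payroll'@'localhost';

-- Connected as front_desk (authenticated in every case):
--   SELECT full_name, department FROM hr.employees;  -- allowed
--   SELECT salary FROM hr.employees;                 -- denied, no privilege on that column
--   SELECT * FROM hr.employees;                      -- denied, * includes salary

-- Permissions can be narrowed later without touching the account itself.
REVOKE UPDATE ON hr.employees FROM 'payroll'@'localhost';

-- Review what each account is currently authorized to do.
SHOW GRANTS FOR 'front_desk'@'localhost';
SHOW GRANTS FOR 'payroll'@'localhost';

-- Removing the account ends both its authentication and its grants.
DROP USER 'front_desk'@'localhost';
```

Other database systems express the same steps with different statements, so treat the syntax here as MySQL-specific.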

With a modern Relational Database Management System (RDBMS), the administrator has a wide range of tools that help to fine-tune the security process and procedures. Although many of these features are beyond the scope of this book because they tend to be specific to particular database implementations, you'll learn how to deal with the basic security needs that are implemented in similar ways by all database software products.

In this chapter, you'll learn, with examples for SQL Server, Oracle, DB2, and MySQL, how to do the following:

  • Create and remove database users and assign passwords to them (this has to do with the authentication part of security)

  • Grant and revoke permissions to database users on the database resources (this has to do with authorization)

You'll also look quickly at the security provided by Microsoft Access.

