Informix Guide to SQL: Tutorial
Chapter 11: Granting and Limiting Access to Your Database
Summary
When a database contains public material, or when only you and trusted associates use the database, security is not an important consideration, and few of the ideas in this chapter are needed. But as more people are allowed to use and modify the data, and as the data becomes increasingly confidential, you must spend more time and be ever more ingenious at controlling the way users can approach the data.
The techniques discussed here can be divided into the following groups:
Keeping data confidential
When the database resides in operating-system files, you can use features of the operating system to deny access to the database. In any case, you control the granting of the Connect privilege to keep people out of the database.
When different classes of users have different degrees of authorization, you must give them all the Connect privilege. You can use table-level privileges to deny access to confidential tables or columns. Or, you can use a stored routine to provide limited access to confidential tables or columns. In addition, you can deny all access to tables and allow it only through views that do not expose confidential rows or columns.
Controlling changes to data and database structure
To safeguard the integrity of the data model, restrict grants of the Resource, Alter, References, and DBA privileges. To ensure that only authorized persons modify the data, control the grants of the Delete and Update privileges and grant the Update privilege on as few columns as possible. To ensure that consistent, reasonable data is entered, grant the Insert privilege only on views that express logical constraints on the data. Alternatively, to control the insertion and modification of data, or the modification of the database itself, limit access to constrictive stored routines.
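The following script is an added illustration, not part of the original guide, showing how the privilege and view techniques summarized above combine on one table. The table, view, and user names (employee, emp_sales, clerk1, sales_clerk, hr_lead) are hypothetical, and the script assumes a database that is not ANSI compliant.

```sql
-- Constructed example; all object and user names are hypothetical.

-- Keeping data confidential: Connect goes to named users only,
-- never to PUBLIC.
GRANT CONNECT TO clerk1, sales_clerk, hr_lead;

CREATE TABLE employee (
    emp_id  SERIAL PRIMARY KEY,
    name    CHAR(40),
    dept    CHAR(10),
    phone   CHAR(18),
    salary  MONEY(10,2)      -- the confidential column
);

-- In a database that is not ANSI compliant, a new table starts with
-- table-level privileges granted to PUBLIC. Remove them before
-- granting anything narrower, or the narrow grants have no effect.
REVOKE ALL ON employee FROM PUBLIC;

-- Column-level privileges: clerk1 can read every column except salary
-- and can change only the phone column.
GRANT SELECT (emp_id, name, dept, phone) ON employee TO clerk1;
GRANT UPDATE (phone) ON employee TO clerk1;

-- hr_lead can modify data but receives no Alter or References
-- privilege, so the table structure stays under the owner's control.
GRANT SELECT, INSERT, UPDATE, DELETE ON employee TO hr_lead;

-- A view that hides the salary column and all rows outside one
-- department. WITH CHECK OPTION rejects any insert or update through
-- the view that would produce a row the view itself cannot select.
CREATE VIEW emp_sales (emp_id, name, dept, phone) AS
    SELECT emp_id, name, dept, phone
      FROM employee
     WHERE dept = 'sales'
    WITH CHECK OPTION;

-- sales_clerk has no privileges on employee itself; all access goes
-- through the view, so Insert is limited by the view's constraint.
GRANT SELECT, INSERT ON emp_sales TO sales_clerk;

-- Accepted when run by sales_clerk (0 lets SERIAL assign emp_id):
--   INSERT INTO emp_sales VALUES (0, 'Constructed Name', 'sales', '555-0100');
-- Rejected by WITH CHECK OPTION when run by sales_clerk:
--   INSERT INTO emp_sales VALUES (0, 'Constructed Name', 'finance', '555-0101');
```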
Informix Guide to SQL: Tutorial, version 9.1
Copyright © 1998, Informix Software, Inc. All rights reserved.