HP 3000 Manuals

Designing Database Security Schemes [ Up and Running with ALLBASE/SQL ] MPE/iX 5.0 Documentation


Up and Running with ALLBASE/SQL

Designing Database Security Schemes 

You can provide security for data at the level of the DBEnvironment
itself, or at the level of individual tables.  At the DBEnvironment
level, you can provide CONNECT authorization to just those users who need
access.

ALLBASE/SQL also has several kinds of TABLE authorities, so that you can
control the kind of access that is possible for different users of each
column in each table.  For each table, you should ask the following
questions:

       Which users need to SELECT?

       Which users need to add new rows or delete existing rows?

       Which users need to modify existing rows?

You can classify the users with similar needs by creating a group and
then adding those users to it.  Make a list of the user groups you need
to accommodate in the security design.  For example, the Music database
might have the following groups and authorities:

---------------------------------------------------------------------------------------------
|                 Group Name                  |              Type of Authority              |
---------------------------------------------------------------------------------------------
| Managers group                              | ALL authorities on all tables               |
|                                             |                                             |
| Announcers group                            | INSERT authority on Log table, SELECT on    |
|                                             | others                                      |
|                                             |                                             |
| Librarians group                            | ALL authorities on Albums, Titles, and      |
|                                             | Composers tables                            |
---------------------------------------------------------------------------------------------

After creating groups, you can grant authorities to, or revoke them from,
individual users or groups for each table.

Do some tables require general access for most columns but restricted
access for some?  For these, you can create views, which can be made
available to all users while the base table is restricted to those with a
need to manipulate all columns.
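
The statements below are an added example, not text from the original manual,
showing how the Music database design in the table above could be entered in
ISQL.  The user logons (user@account), the view name, and the view's column
names are constructed for illustration; only the four tables named in this
section are covered, so "all tables" and "others" are limited to them here.

```sql
/* Added example. Logons, view name, and column names are constructed. */

/* One group per role from the security design */
CREATE GROUP Managers;
CREATE GROUP Announcers;
CREATE GROUP Librarians;

/* Classify users by adding them to the group that matches their needs */
ADD PAT@MUSIC TO GROUP Managers;
ADD LEE@MUSIC, KIM@MUSIC TO GROUP Announcers;
ADD SAM@MUSIC TO GROUP Librarians;

/* DBEnvironment level: only members of these groups may connect */
GRANT CONNECT TO Managers;
GRANT CONNECT TO Announcers;
GRANT CONNECT TO Librarians;

/* Managers: ALL authorities on every table */
GRANT ALL ON Albums    TO Managers;
GRANT ALL ON Titles    TO Managers;
GRANT ALL ON Composers TO Managers;
GRANT ALL ON Log       TO Managers;

/* Announcers: may add Log rows but not read or change them; read-only elsewhere */
GRANT INSERT ON Log       TO Announcers;
GRANT SELECT ON Albums    TO Announcers;
GRANT SELECT ON Titles    TO Announcers;
GRANT SELECT ON Composers TO Announcers;

/* Librarians: ALL authorities on the catalog tables, nothing on Log */
GRANT ALL ON Albums    TO Librarians;
GRANT ALL ON Titles    TO Librarians;
GRANT ALL ON Composers TO Librarians;

/* Column-level restriction: expose selected columns through a view and
   grant the view generally, while the base table stays with the groups
   above. AlbumCode and AlbumTitle are assumed column names. */
CREATE VIEW AlbumList (AlbumCode, AlbumTitle) AS
    SELECT AlbumCode, AlbumTitle FROM Albums;
GRANT SELECT ON AlbumList TO PUBLIC;
```

Granting to groups rather than to individual logons means a change of role is
handled by moving the user between groups, with no table grants to revisit.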


