Manualshelf

SQL/MP Installation and Management Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
81828384858687888990
Planning Database Security and Recovery
HP NonStop SQL/MP Installation and Management Guide523353-004
4-2
Security Guidelines
Security Guidelines
Authorization to operate on SQL tables, views, indexes, collations, and SQL programs
that run in the Guardian environment is maintained by the Guardian security
subsystem. Authorization for SQL programs that run in the OSS environment is
maintained by the OSS security subsystem. When planning security, consider the
needs or restrictions of all the users of a system, or a network of systems, in addition to
the needs or restrictions of a particular database.
When planning authorization schemes, consider:
What are the requirements for security on the system or network?
How many different user groups use the same database?
What are the anticipated requirements for cross security between databases or
user groups?
Which users should have the authority to change the data dictionary?
Which users should be given authority to purge SQL objects?
This discussion on planning authorization provides examples of authorization
schemes. Section 5, Creating a Database, lists security guidelines related to specific
types of database objects. For more information on Guardian security, see the Security
Management Guide.
Sample Authorization Schemes
Application needs on a system can define the needs for security authorization. Usually,
authorization schemes affect the number of catalogs you choose for your system. In
general, you should create the smallest number of catalogs logically possible, as
dictated by your business operations.
Three examples of possible application security and catalog schemes follow.
Production banking system
This system has a limited number of user groups but high business activity and
strong security requirements for database management operations. This scheme
probably should use one, two, or just a few catalogs.
Characteristics of the application are:
°
The production application should be valid without automatic recompilation.
°
The database should be stable because only a few changes would be made
for location, security, or other DDL operations.
°
Only the database administrator or the super ID user can perform DDL
operations, so that the catalogs are secured for access only by the DBA or the
super ID.