Manualshelf

SQL/MP Installation and Management Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
81828384858687888990
Planning Database Security and Recovery
HP NonStop SQL/MP Installation and Management Guide523353-004
4-3
Sample Authorization Schemes
°
The tables, views, and indexes are secured for access by servers; all
application use is through programs initiated by the application environment.
°
Queries on tables or views are limited to the database administrator and the
super ID user.
The most important security factor in this environment is securing the catalogs from
unauthorized DDL statements that could alter the database or from any operations
that could allow an unauthorized program to be registered.
Development system
In this system, many user groups share the same or similar databases while the
application passes from development to testing, to documentation, and finally to
release control. This scheme probably should use one or more catalogs for each
user group.
Characteristics of system use are:
°
Each user group needs control of the database and the ability to register
programs in a catalog.
°
The user groups might share a database, and changes to the catalog
descriptions must be coordinated with each group.
°
If each user group uses a separate catalog, users will frequently copy tables,
dependent views, and indexes by using the DUP command.
The most important security factor in this environment is securing the catalogs and
objects so that users can perform the many development tasks. The catalog and
object security should be simple to allow an authorized user to duplicate the entire
application for the next phase of development.
Several unique application groups
These user groups share a system but have unique databases. This scheme
should use a system catalog plus one or more catalogs for each application group.
Users do not need to move or copy objects among these catalogs.
Characteristics of system use are:
°
Each user group has a database administrator to manage the database and
the application for the group.
°
Each user group wants autonomy and protection from the other groups. The
important security factor in this environment is the ability to restrict accidental
use by other groups.
For authorization in general, you should create the simplest authority and security
scheme possible. Dependent views, indexes, and programs should be owned by the
same user ID, and only that user ID should have purge authority. With this
authorization scheme, DDL operations and utility operations that can affect the entire
set of dependent objects, such as DUP, are simplified. Because anyone who has