Security

Database Security.

The DBA can set up the DBMS so that only certain users or certain application programs are allowed to perform certain operations on the dataset, e.g. only admissions are allowed to create records for students, only the library is allowed to create records for books, etc. Different checks can be established for each type of access to each type of information in the database. Different users should have different access rights to different objects.

SQL provides two methods for implementing security restrictions. These are:
- Views - can be provided to hide sensitive data.
- GRANT/REVOKE - grant or remove access privileges to specific users for specific tables.

There is, however, a major drawback to SQL security.

SQL Security

Security in SQL is essential for the following reasons:

The view mechanism allows the database to be conceptually divided into pieces in various ways so that sensitive data can be hidden from unauthorized users. However, it does not allow for the specification of operations that users may execute against those pieces.

The above function is performed by the SQL statements GRANT and REVOKE (note that INFORMIX also has an extra statement LOCK TABLE).
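
The admissions/library scenario above, written out as an added example that is not part of the original notes. The table, column and user names are assumptions, the users are assumed to exist already, and the syntax is standard SQL, so details such as user creation and REVOKE options vary by DBMS.

```sql
-- Constructed schema: all table, column and user names are illustrative assumptions.
CREATE TABLE student (
    student_id   INTEGER PRIMARY KEY,
    name         VARCHAR(80) NOT NULL,
    department   VARCHAR(40) NOT NULL,
    home_address VARCHAR(200),
    fees_owed    DECIMAL(8,2)
);

CREATE TABLE book (
    isbn  CHAR(13) PRIMARY KEY,
    title VARCHAR(200) NOT NULL
);

-- GRANT decides which operations a user may run against which object:
-- only admissions creates student records, only the library creates book records.
GRANT INSERT ON student TO admissions;
GRANT INSERT ON book    TO library;

-- A view hides the sensitive columns (home_address, fees_owed).
CREATE VIEW student_directory AS
    SELECT student_id, name, department
    FROM student;

-- The library can read the view but holds no privilege on the base table,
-- so a direct SELECT on student is refused for that user.
GRANT SELECT ON student_directory TO library;

-- GRANT names a table, view or column, never individual rows. A view with a
-- WHERE clause is the usual way to narrow access to a subset of rows.
CREATE VIEW cs_students AS
    SELECT student_id, name, department, home_address
    FROM student
    WHERE department = 'Computer Science'
    WITH CHECK OPTION;   -- rejects updates that would move a row out of the view

GRANT SELECT ON cs_students TO cs_tutor;
GRANT UPDATE (home_address) ON cs_students TO cs_tutor;   -- column-level privilege

-- REVOKE withdraws a privilege that was granted earlier.
REVOKE INSERT ON book FROM library;
```
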

Drawbacks to SQL security

There are two main drawbacks associated with SQL security mechanisms. These are:
- The granularity of the authorization
- There are many ways of executing the same query.

Like other systems, the security provided by SQL is not perfect: a would-be infiltrator may find a way of breaking the controls. In situations where the data is sufficiently sensitive, several other methods would have to be implemented; these include audit trails and data encryption.