Subject | Re: [firebird-support] Security |
---|---|
Author | agung wibowo |
Post date | 2004-11-25T13:22:13Z |
1> We have the SYSDBA account when we install Firebird for the first time, and this account is a special account that is above security restrictions and has full access to all databases on the server. But remember, if you want to deploy your database, you must change the password for the SYSDBA account. This is the first database security level [user validation].
2 and 3> To prevent somebody from accessing your database objects, you have the second database security level. Make a new user that does not get full access to your database. If you have many users, then you can group them, i.e. grouping by competency, and you can make some ROLEs to group them by their competency.
A role is like a template, or a set of privileges. Imagine this: you have some people that have full access to your database, then you can make an ADMIN role; then you have some people that have a big part of your database, then you give them a MANAGER role; yup, like that. After you make some roles, you can give every role privileges on what tables, SPs, etc. they can access. To do this, use the GRANT and REVOKE statements.
So, with roles you can manage your database users easily.
For example:
Let's make an example. Imagine this: a DBA setting up security for 100 users on a database with 100 tables. With basic SQL security we concluded that the DBA would have to execute 10000 grant statements to fully set up security for these 100 users on all 100 tables in the database.
Using roles, the best case scenario would only require 200 grant statements to be executed. The best case would be where every user requires the same privileges on all tables. In this scenario the DBA could set up one role, which would require 100 grant statements. To add the 100 users to the role would require an additional 100 grant statements, which equals the 200 grant statements stated above. The more general case would require 100x + 100 grant statements, where x equals the number of different roles that are required. For example, if 5 roles were required then a total of 600 grant statements would have to be executed by the DBA to set up security. Clearly, using roles has made setting up security for this database much easier for the DBA.
regards
pt_wico <pt_wico@...> wrote:
Hi All
I've several qs on fb db security
1) Is this case possible? If I created an fdb file and then somebody
takes that file and opens and manipulates it using their own sysdba
account. How to prevent this?
2) I want to protect FB objects (ie tables, package, trigger) from
being read by other unauthorized users (ie login directly using admin
tools to database not through application), how do I do this?
3) How does role work in FB?
Thanks a lot
Regards
Willy
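
The role setup described in the reply above, written out as Firebird SQL. This is an added example, not part of the original message; the table names (CUSTOMERS, ORDERS), role names (APP_ADMIN, MANAGER), user names (ALICE, BOB, CAROL) and the database path are constructed for illustration.

```sql
-- Added example; all object, role and user names are constructed.
-- Run as the database owner or SYSDBA, e.g. from isql.

CREATE TABLE CUSTOMERS (ID INTEGER NOT NULL PRIMARY KEY, NAME VARCHAR(60));
CREATE TABLE ORDERS (ID INTEGER NOT NULL PRIMARY KEY,
                     CUSTOMER_ID INTEGER, TOTAL NUMERIC(12,2));
COMMIT;

-- One role per set of privileges.
CREATE ROLE APP_ADMIN;
CREATE ROLE MANAGER;
COMMIT;

-- Privileges are granted to the role, once per table ...
GRANT ALL ON CUSTOMERS TO APP_ADMIN;
GRANT ALL ON ORDERS TO APP_ADMIN;
GRANT SELECT ON CUSTOMERS TO MANAGER;
GRANT SELECT, INSERT, UPDATE ON ORDERS TO MANAGER;

-- ... and each user needs a single statement to join a role.
GRANT APP_ADMIN TO ALICE;
GRANT MANAGER TO BOB;
GRANT MANAGER TO CAROL;
COMMIT;

-- Revoking a privilege from the role removes it for every member at once.
REVOKE UPDATE ON ORDERS FROM MANAGER;

-- Revoking the role from one user leaves the other members untouched.
REVOKE MANAGER FROM CAROL;
COMMIT;

-- A granted role is only applied when it is named at connect time;
-- a login without ROLE gets just the user's own (and PUBLIC) privileges.
-- CONNECT '/path/to/app.fdb' USER 'BOB' PASSWORD '<password>' ROLE 'MANAGER';
```

With two roles over two tables this is four table grants plus one membership grant per user, the same shape as the 100x + 100 count in the message.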