Managing Data Security

The goal of database security is the protection of data from accidental or intentional threats to its integrity and access. Access to data has become more open managing data security has become difficult and time-consuming. Data administration is responsible for developing overall policies and procedures to protect databases. Database security is the protection of the data against accidental or intentional loss, destruction or misuse.

 

 

Threats of Data Security

Those who gain unauthorized access to a database may then browse, change or even steal the data to which they have gained access. Focusing on database security alone, however, will not ensure a secure database.

 

 

All part of the system must be secure, including the database, the network, the operating system the building in which the database resides physically and the personnel who have an opportunity to access the system.

 

 

The following threats can be identified for data security.

 

  • Accidental losses and human errors.
  • Software and hardware malfunctions.
  • Theft and fraud.
  • Loss of privacy or confidentiality.
  • Loss of data integrity.
  • Loss of availability.

 

A comprehensive data security plan will include establishing administrative policies and procedures, physical protection, and data management software protections.

 

 

Database security and DBA 

The DBA has a DBA account in the DBMS, Sometimes called a system of superuser account, which provides powerful capabilities that are not made available to regular database users and accounts.

 

DBA privileged commands include commands for granting and revoking privileges two individual accounts, users or user groups and for performing the following type of actions.

  • Account Creation: creates a new account and password for a new user or a group of users to enable them to access the DBMS.
  • Privilege Granting: permits the DBA to grant certain privilege to a certain account.
  • Privilege Revocation: permit the DBA to revoke (cancel) certain privileges that were previously given to certain accounts. ( control authorization)
  • Security level assignment: assigning the user account to the appropriate security classification level. 

 

 

Access Control

A DBMS offers two main approaches to access control.

  1. Discretionary access control.
  2. Mandatory access control.

 

Discretionary access control

The typical methods of enforcing discretionary access control in a database system is based on the granting and revoking of privileges. security and Access Control, in SQL are,

  1. GRANT
  2. REVOKE

 

Types of discretionary privileges

The DBMS must provide access to each related to the database based on specific accounts. Operations may also be a control thus having an account does not necessarily entitle the account holders to all the functionality provided by the DBMS. Informally there are two levels for assigning privileges to use the database system: 

  1. The account level: At this level, DBA specifies the particular privileges that each account holds independently of the relations in the database.
  2. The relation (or table) level: At this level, we can control the privilege to access each individual relation or view in the database.

 

 

Account Level privileges

The privileges of the account level applied to the capabilities provided to the account itself and can include

  • CREATE SCHEMA privilege - to create a schema.
  • CREATE TABLE Privilege - to create or base relation.
  • CREATE VIEW privilege - to create or base relation.
  • ALTER  privilege - to apply schema changes such as adding or removing attributes from relations.
  • DROP privilege - to delete relations or views.
  • MODIFY privilege - to insert, delete, or update tuples.
  • SELECT  privilege - to retrieve information from the database using a select query. 

 

Account privileges apply to the account in general. if a certain account does not have the CREATE DATABASE privilege no relations can be created from the account.

 

Account - level privileges are not defined as part of SQL2, they are left to the DBMS implementers to define. In earlier versions of SQL. CREATE TAB privilege exits to give an account the privilege to create tables ( relations)

 

About Tec News

Tec News is optimized for learning Web Development, Programming, Database System and Tutorials, Articles, References for your development. This web help developers, learners learn these technologies easy and free.

Contact Us

If you have any suggestions or have any questions regarding our web please feel free to contact us.

info@tec-news.com        

https://www.tec-news.com