Table of Contents
Advertisement
How user permissions are assessed
Strict security
How user permissions are assessed
Managing the resources connections use
372
For strict security, you can disallow all access to the underlying tables, and
grant permissions to users or groups of users to execute certain stored
procedures. With this approach, the manner in which data in the database can
be modified is strictly defined.
Groups do introduce complexities in the permissions of individual users.
Suppose user
has been granted SELECT and UPDATE permissions
M_Haneef
on a specific table individually, but is also a member of two groups, one of
which has no access to the table at all, and one of which has only SELECT
access. What are the permissions in effect for this user?
Adaptive Server IQ decides whether a user ID has permission to carry out a
specific action in the following manner:
1
If the user ID has DBA permissions, the user ID can carry out any action
in the database.
2
Otherwise, permission depends on the permissions assigned to the
individual user. If the user ID has been granted permission to carry out the
action, then the action is allowed to proceed.
3
If no individual settings have been made for that user, permission depends
on the permissions of each of the groups of which the user is a member. If
any of these groups has permission to carry out the action, the user ID has
permission by virtue of membership in that group, and the action is
allowed to proceed.
This approach minimizes problems associated with the order in which
permissions are set.
Building a set of users and groups allows you to manage permissions on a
database. Another aspect of database security and management is to limit the
resources an individual user can use.
Advertisement
Table of Contents
