Nonstop Database, HiRDB Version 9 System Operation Guide
HiRDB provides security features in order to protect databases from unauthorized access. The security features are based on the concept of user privileges that prohibit access to a database by a user who does not have the required privilege.
The following table lists the user privileges.
Table 2-1 User privileges
Type of user privilege | Description | What users who have this privilege can do | Who can grant this privilege | ||
---|---|---|---|---|---|
H | D | S | |||
DBA privilege | This privilege is required in order to grant or revoke the DBA, CONNECT, and schema definition privileges. |
|
Y | Y | N |
Audit privilege | This privilege must be granted to auditors. Users with this privilege set audit privileges when the security audit facility is being used. For details about the security audit facility, see 24. Using the Security Audit Facility. Users with the audit privilege have the following privileges:
|
|
Y | N | N |
CONNECT privilege | This privilege is required to use HiRDB. An error results when a user who does not have the CONNECT privilege attempts to use HiRDB. | Connect to databases. | Y | Y | N |
Schema definition privilege | This privilege is required to define a schema. |
|
Y | Y | N |
RDAREA usage privilege | This privilege is required to use a private RDAREA, but is not needed for creating tables and indexes in public RDAREAs. | Create tables and indexes in a private RDAREA. | Y | Y | N |
Access privilege | This privilege is required to access tables (base tables and view tables). There are four access privilege types; the types are set at the table level: | Access the tables of other users. | N | N | Y |
SELECT privilege | Search for (SELECT) a table. | N | N | Y | |
INSERT privilege | Add (INSERT) row data into a table. | N | N | Y | |
DELETE privilege | Delete (DELETE) row data from a table. | N | N | Y | |
UPDATE privilege | Update (UPDATE) row data in a table. | N | N | Y |
The falsification prevention facility is a security function that is provided in addition to the table access privileges. When the falsification prevention option (INSERT ONLY) is specified for a table that is being defined, the defined table becomes a falsification prevented table.
The objectives and features of falsification prevented tables are as follows.
For details about the falsification prevention facility, see the HiRDB Version 9 Installation and Design Guide.
HiRDB supports a facility that registers the results of security-related checking into an audit trail table as an audit trail when an event that accesses a HiRDB resource occurs. This facility is called the security audit facility. An audit trail table records who accessed which resource when, and whether the security check was successful. An audit trail table can be used for auditing illegal accesses.
To prevent illegal modification of audit trail tables, the users who are permitted to operate an audit trail table are limited to those shown in the following table.
Table 2-2 Users who are permitted to operate an audit trail table
Operation on the audit trail table | Permitted users |
---|---|
Referencing of data (SELECT) |
|
Deletion of data (DELETE and PURGE) | Auditor |
Addition or modification of data (INSERT or UPDATE) | None |
For details about the security audit facility, see 24. Using the Security Audit Facility.
All Rights Reserved. Copyright (C) 2011, 2015, Hitachi, Ltd.