Database security is of utmost importance today. Your database might allow customers to purchase products over the Internet, or it could contain historical data used to predict business trends; either way, your company needs a sound database security plan. A database security plan should define:
- Who is allowed access to the database server instance and the database
- Where and how user passwords are verified
- Authority levels granted to users
- Commands that users are allowed to run
- Data that users are allowed to read or alter
- Database objects that users are allowed to create, alter, or drop
IDS provides three main mechanisms to implement a database security plan: authentication, authorization, and privileges.
- Authentication is the process by which IDS verifies that users are who they claim to be. IDS authentication works closely with the security features of the underlying operating system to verify user IDs and passwords. IDS can also work with security protocols like PAM and Kerberos to authenticate users.
- Authorization involves determining the operations that users or groups can perform, and the data objects that they can access. A user's ability to perform high-level database and instance management operations is determined by the authorities that they have been assigned.
- Privileges are more granular than authorities and can be assigned to users or groups. Privileges help define the objects that a user can create or drop. They also define the commands that a user can use to access objects like tables, views, indexes, and packages. IDS also supports label-based access control (LBAC) that allows even more granular control of who can access individual rows and columns.
IDS also provides encryption as a further layer of security.
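
The authorization and privilege items above can be expressed as IDS (Informix) SQL statements. The following is an added example, not taken from the original text; the table `orders`, the role `order_clerk`, and the users `maria`, `report_app` and `schema_owner` are constructed names.

```sql
-- Constructed example: names below are illustrative, not from the original page.
-- Run as the database owner or as a user holding the DBA privilege.

-- Database-level privileges: who may open the database and create objects.
GRANT CONNECT  TO maria;          -- may connect and work with existing objects
GRANT CONNECT  TO report_app;
GRANT RESOURCE TO schema_owner;   -- may also create permanent tables and indexes

CREATE TABLE orders (
    order_num   SERIAL PRIMARY KEY,
    customer    INTEGER NOT NULL,
    card_number CHAR(19),
    ship_date   DATE
);

-- In a database that is not ANSI-compliant, a new table starts with most
-- table-level privileges granted to PUBLIC. Remove them before granting
-- anything narrower, or the narrower grants have no practical effect.
REVOKE ALL ON orders FROM PUBLIC;

-- Collect the privileges for one job function in a role.
CREATE ROLE order_clerk;
GRANT INSERT ON orders TO order_clerk;
GRANT SELECT (order_num, customer, ship_date) ON orders TO order_clerk;
GRANT UPDATE (ship_date) ON orders TO order_clerk;   -- column-level privilege

-- Assign the role and make it active at connect time; without a default
-- role the user has to issue SET ROLE order_clerk in each session.
GRANT order_clerk TO maria;
GRANT DEFAULT ROLE order_clerk TO maria;

-- The reporting account reads the non-sensitive columns only.
GRANT SELECT (order_num, customer, ship_date) ON orders TO report_app;

-- Check: list who holds table-level privileges on the table. PUBLIC should
-- not appear in the result after the REVOKE above.
SELECT grantor, grantee, tabauth
  FROM systabauth
 WHERE tabid = (SELECT tabid FROM systables WHERE tabname = 'orders');
```

With these grants neither `maria` nor `report_app` can select `card_number`, and neither can alter or drop the table, because they hold only the CONNECT privilege at the database level.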