F4109-DATABASE SYSTEM

ACCESS PROTECTION USER ACCOUNT DATABASE AUDITS

q q q
4/22/12

MOHAMMAD AZMER SULAIMAN NURUL FARHANA SABRI NORSHAHEEZA NORAZIZAN

INTRODUCTION

In a database system management, each DBMS must have its own way management whether using other software or database itself. To make sure data integrity and security in a database, each database must have access protection, user account and also database audits.

4/22/12

WHAT IS ACCESS PROTECTION

Enables an authority to control access to areas and resources. Select the access level, user type, and access level privileges for each user or group in a database. In access protection have identification and authentication.

4/22/12

Principles of Access Protection

Separation of duties

No single individual should be allowed to perform high-value or sensitive tasks on their own
Financial transactions User account creation / changes

4/22/12

Least privilege
Persons

should have access to only the functions or data that they require to perform their stated duties File Servers
Don't give access to others' files

on

Workstations

User Account Control

4/22/12

Defense in depth
Use

of multiple controls to protect an asset controls preferred

Heterogeneous

If one type fails, the other remains If one type is attacked, the other remains

4/22/12

Types of Protection

Technical
Authentication,

encryption, firewalls, anti-virus

Physical
Key

card entry, fingerprints.

Administrative
Policy,

procedures, standards

4/22/12

What is User Account

Allows a user toauthenticate to system services and be grantedauthorizationtoaccess them. Resource owners have classified data according to its need for protective controls, entities should develop procedures to identify all functions of user management.

4/22/12

Managing User Accounts

The everyday users of a database need to be able access & manipulate various database objects in a safe and controlled manner. The DBA creates a USER ACCOUNT for each user by following these basic steps:
Create a username/password protected account and assign the

user to a table space.

Allocate the user limited disk storage space (quota) within the

table space

Grant the user limited privileges to log in/out of the account,

create/destroy and manipulate database objects within the account.

4/22/12

Creating User Accounts

The CREATE USER command (Create a user account)

CREATE USER username IDENTIFIED BY password

Example : create user jaja identified by 123

4/22/12

Changing a password for A user

ALTER USER username identified by newpassword ;
Example:

Alter user jaja identified by genie123

4/22/12

Managing User Accounts

Removing a user account

DROP USER username CASCADE; The cascade option drops all objects in the users schema before dropping the user. If the user owns objects you must specify this parameter to drop the user.

4/22/12

What is Database Audit

Observing a database so as to be aware of the actions of database users. It can be based on individual actions, such as the type of SQL statement executed, or on combinations of factors that can include user name, application, time, and so on.

4/22/12

Principle of database audits

Evaluate your purpose for auditing. Audit knowledgeably. Audit only pertinent actions. Archive audit records and purge the audit trail.

4/22/12

Types of Auditing

Statement Auditing

The selective auditing of related groups of statements regarding a particular type of database structure or schema object. Have two categories:-

-DDL statements -DML statements

4/22/12

Privilege Auditing

Use a system privilege, such asSELECTANYTABLE Privilege auditing can audit the activities of all database users or of only a specified list.

Schema Object Auditing

Can audit allSELECTand DML statements permitted by schema object privileges, such asSELECTorDELETEstatements on a given table.

4/22/12

Summary

The conclusion is all these 3 methods or topics are important in DBMS. Access protection useful for database security and only authorized person can access the database. User account is needed for every user to access data in database. It also important for a database to identify authorized user. Database auditing is needed to figure out all the actions that happened in database.

4/22/12