HIM 650 Topic 4 DQ 1
Protecting data security, privacy, and integrity are important database functions. As a database administrator, I would be required to ensure that users have the right to access data stored in the database. This may include creating roles and privileges for users to ensure that everyone has just enough access to perform their day-to-day duties. However, there may sometimes be an overlap in what information different users can access. This is where the concept of least privilege comes into play. By granting each user only the bare minimum of privileges that they require to do their work, we restrict them from accessing potentially sensitive information from other departments. For example, in the case of travel reimbursement requests, giving your accounting team the ability to view requests from other department teams might invite unnecessary conflict or privacy issues for employees, so it is best that each team have access only to their own requests. Let’s take a look at how this can be accomplished in SQL…
Ensuring data security, privacy, and integrity are important activities of a database administrator. The DBA should regularly monitor using SQL queries to make sure that user accounts are properly maintained. The use of the data dictionary can help ensure that the database contains no unauthorized users, or potential vulnerabilities for SQL injection attacks.
Three important activities required to ensure data security, privacy, and integrity are ensuring a reliable backup strategy, monitoring application access and auditing the security log. Two examples of how I would use the data dictionary to monitor the security of the database are monitoring a user’s access to the database and tables while also assessing user authorization and roles.
Recent years have shown that data security, privacy, and integrity are critical functions of any organization. This is why Oracle Database 12c: Admin, Install and Upgrade Accelerated offers an introduction to the management of these functions through a Data Base Administrator’s (DBA) management role. This course incorporates 180-day access to the hands-on environment.
Oracle uses different built-in functions that are aimed at enforcing data privacy, security, and integrity. These are usually defined in the database policy if using a policy-managed database, or through privileges and roles during the creation of a password-managed database. The data dictionary is made up of tables and views which can be accessed and manipulated via SQL statements. For example a user’s identity can be verified with the ALL_USERS table, license information can be found in V$LICENSE and so on.
The data dictionary, which includes the catalog and directory, is the place where information about the structure of a database, network resource names, and relationships of objects are all stored. When installing Oracle software on any node in a distributed database, each node’s data dictionary will be linked to those on all other nodes. A DBA can use SQL statements to check on the security of the databases being maintained by querying the structure of each individual data dictionary table.
Obtaining privileged access to data is not a difficult task for database hackers. Although database systems offer safeguards against intrusions, these safeguards are not foolproof. (For example, an employee leaving a screen unlocked and unattended may allow a hacker to access the corporate database.) A database administrator (DBA) must implement stringent security measures to keep data assets secured. By doing so, the DBA helps to ensure the privacy, integrity and security of the data in the database. The following topics present guidelines for securing databases
Data security is vital to the overall profit and performance of a company. It’s imperative that data privacy and security standards are met, and the best way to ensure this is with consistent monitoring of the databases. The Data dictionary contains information on the database schema (tables, views, and synonyms) as well as constraints on tables (primary keys, foreign key). Using these functions you can monitor for any suspicious use of any stored procedures or queries.
There are many activities that are required to protect data, especially sensitive data. All of these activities need to be authorized and controlled, including the use of encryption.
SQLServer 2005/2008 includes the database related DBCC statements that you can use to check the database and transaction log for consistency, create and rebuild clustered and non-clustered indexes, identify and clear space in the data cache, identify and fix problems with the identity column, show active connections for a given database, validate physical consistency of a database and transaction log file, produce IO statistics for all databases on a server, display information about locks in tables, and perform a variety of other diagnostic operations.
Security of your data is almost as important as the data itself. Being a DBA, you have the ability to ensure that only the right people have access to the right information. You can monitor the security of your system using one of SQL’s built-in roles: SECURITYADMIN. As SECURITYADMIN, use this statement to see all logins on your server:
Protecting data security, privacy, and integrity are important database functions. What activities are required in the DBA’s managerial role of enforcing these functions? Using SQL statements, give some examples of how you would use the data dictionary to monitor the security of the database.