Re: SQL Svr security not enuf: finer grain, more auditing?

From: Bret Halford <bret_at_sybase.com>
Date: 1997/02/15
Message-ID: <5e30rs$1jp_at_fyi.sybase.com>#1/1


In article <5e275l$i3h_at_miso.wwa.com>, knight_at_sashimi.wwa.com writes:
|> I need to implement a security system that goes above and beyond what
|> Microsoft SQL Server 6.5 seems to offer. Specifically,
|>
|> 1. Access restriction
|> Allow row and column level restrictions on SELECT, UPDATE, INSERT and
|> DELETE. Each user belongs to 8 different security classes, in each of
|> which he/she may have varying levels of access for each type of activity
|> (select, update, insert, delete). Apart from all of this, the users may be
|> given global rights for the 4 types of access.
|>
|> It is hard to do this using VIEWS, TRIGGERS and ancillary security (access
|> list) tables because the complexity of the views (8 to 10 OR-ed clauses in
|> the WHERE statement) would slow the server down to an unacceptable level.
|>
|> Also, the security layer should be part of the back-end (or in a middle
|> layer), not implemented in the front-end.
|>
|> 2. Full audit trail
|> Ability to create an audit trail of activity including the SQL statements
|> issued by clients, and be able to either have a full trail (ALL activity)
|> or a trail by user and/or by type of activity.
|>
|> At this point, we have a custom-crafted middle layer that implements this
|> security, but it is far from finished, and will probably take too long to
|> complete. So our options are to augment SQL Server security or to move to
|> another platform altogether (or, finish the middle layer).
|>
|> Are there any Microsoft/Sybase/3rd party products that support this level
|> of security and auditing? I can't imagine that I am the first one who has
|> had this requirement... Any pointers provided would be greatly
|> appreciated.
|>

Sybase Secure SQL Server may fullfill some of these requirements. I suggest you talk to a Sybase Salesperson about it.

-- 
---------------------------------------------------------------------
| Bret Halford                    Imagine my disappointment       __| 
| Sybase Technical Support        in learning the true nature  __|  
| 6400 S. Fiddlers Green Circle   of rec.humor.oracle...    __|  
| Englewood, CO 80111-4954 USA                             |
============================================================
Received on Sat Feb 15 1997 - 00:00:00 CET

Original text of this message