I need to implement a security system that goes above and beyond what
Microsoft SQL Server 6.5 seems to offer. Specifically,
- Access restriction
Allow row and column level restrictions on SELECT, UPDATE, INSERT and
DELETE. Each user belongs to 8 different security classes, in each of
which he/she may have varying levels of access for each type of activity
(select, update, insert, delete). Apart from all of this, the users may be
given global rights for the 4 types of access.
It is hard to do this using VIEWS, TRIGGERS and ancillary security (access
list) tables because the complexity of the views (8 to 10 OR-ed clauses in
the WHERE statement) would slow the server down to an unacceptable level.
Also, the security layer should be part of the back-end (or in a middle
layer), not implemented in the front-end.
2. Full audit trail
Ability to create an audit trail of activity including the SQL statements
issued by clients, and be able to either have a full trail (ALL activity)
or a trail by user and/or by type of activity.
At this point, we have a custom-crafted middle layer that implements this
security, but it is far from finished, and will probably take too long to
complete. So our options are to augment SQL Server security or to move to
another platform altogether (or, finish the middle layer).
Are there any Microsoft/Sybase/3rd party products that support this level
of security and auditing? I can't imagine that I am the first one who has
had this requirement... Any pointers provided would be greatly
appreciated.
