Enterprise Manager: Databases > Security

To view this topic for the preceding Enterprise Manager, see EM Java App: Database - Permissions and Roles Tabs.

Introduction

Security is, or should be, a major consideration for any database administrator. Depending on the requirements of each company, this could be as simple as requiring a user name and password to connect to the system, or as complex as different permissions for different types of SQL operations on various objects in the database for each individual user. Standard permissions have been available in BBj since version 1.0. These permissions give the administrator the ability to assign read-only or read/write access to an entire database. However, standard permissions did not permit assigning different permissions to different objects (tables, views, etc.) in the database – it is all or nothing. While this is very easy to manage, it limits the control that the administrator has over access to sensitive data. This in turn could limit the ability for users to have easy desktop data query access to subsets of the company production database. Workarounds are possible but they require far more maintenance and structuring of the database by the database administrator.

BBj 11.0 and higher provides a complete feature set for managing user permissions in a powerful new feature called “Object Level Permissions.” This new feature will, for many customers, unlock meaningful desktop data query access to corporate data for all the users within a company with appropriate restrictions that are easy to structure and maintain. For an in-depth look at permissions and roles, see The BASIS International Advantage article DB Security That You Have Always Dreamed About.

Description

Use the Security Tab to configure database level permissions for users of the systems.

Choose from two permission types: legacy and object level (available in BBj 11.0 and higher).

Legacy Permissions

While an administrator may assign read only or read/write access to an entire database, there is no way to assign different permissions to different objects (tables, views, etc) in the database. Legacy permissions are very easy to manage, but limits the control that the administrator has over access to sensitive data.

Object Level Permissions

In BBj 11.0 and higher, the administrator may assign different permissions to different users or groups of users on different objects in the database. “Objects” in a database refer to tables, views, and stored procedures.

Privileges Tab

See Database - Permissions for complete details.

Roles Tab

Use the Roles Tab to configure database level roles for users of the systems. This tab shows a list of roles currently defined for the database. These roles are specific to only the database for which they are defined.

To view the members of a role, simply select the role from the list.