Prev | Advanced Operations Guide | Next |
Planning Your Security Scheme
After you install this product, the default behavior for security is the same as the previous release; that is, the database engine uses Classic or OS-based authentication and authorization. Any user with permission to access a given data file through the operating system will have the same level of permission to access the data records contained within the file, unless you are using Btrieve owner names to restrict access to the data files.
This section describes the steps you must follow to set up the default database, authorized users, and other aspects of the new Btrieve security policies.
Available Options
There are three security options available to you. The features of these options are described below to help you choose which is best for you. Encryption is optional in every configuration.
Under Database security, database user accounts are completely unrelated to OS user accounts.
In contrast, under Classic security, a user who succesfully logs into the computer has access to the database contents, at whatever level of filesystem rights that the user has been assigned to the file that contains the data.
Lastly, the Mixed security policy has aspects of both of the other policies. Under this scheme, users login using their OS user names and passwords, but then the users access rights to the data are governed by user permissions set up in the database.
Choosing Your Policy
This section describes some of the major reasons you might choose one security policy over another.
Reasons to Choose Classic
- You are comfortable with your users having filesystem access to your data files. For example, any user with rights to delete records from the data file can also delete the entire file from your operating system. Note that some government regulations such as HIPAA specifically prohibit this kind of behavior. Consult your legal advisor for issues regarding compliance with government regulations.
- You want the minimum administrative hassle; you don't want to set up both OS user accounts for each user and at least one database account (PUBLIC account defines permissions for all users).
- You do not need to have a variety of data access rights that vary from each user's filesystem rights.
- You don't want your users to have a separate login for the database.
Reasons to Choose Mixed
- You don't want your users to have a separate login for the database.
- You want to prevent valid database users from having any rights to the data files on the operating system. For example, you can prevent users who have all rights to in the database from having rights to delete data files from the operating system.
- You are willing to set up database user accounts that have the same user names as OS user accounts, and you are willing to assign permissions to each database user. Or, all your users have the same level of permissions, and you can address their needs by assigning permissions to one database user account, PUBLIC.
Reasons to Choose Database
- You want to have a separate login for the database. That is, after logging into the operating system, users must login again to the database. This behavior is useful when some authorized computer users are permitted access to the database and some are not.
- You want to prevent valid database users from having any rights to the data files on the operating system. For example, you can prevent users who have all rights in the database from having rights to delete data files from the operating system. You can also achieve this goal using the Mixed security policy.
- You want database user accounts that use different names than the operating system accounts. For example, operating system user "jsmith" might be required to login to the database as "john."
The Simplest Way to Secure your Data Files at the Operating System Level
If your primary concern is simply to implement a Btrieve security scheme such that your database users do not have rights to copy, overwrite, or delete the data files in the operating system, then this section describes an overview of what you need to do.
- Install Pervasive.SQL 8.5 database engine.
As long as you do not use wire encryption, V8 clients are compatible with the V8.5 engine. You are not required to upgrade the clients.
- In PCC, use the Maintain Database Names utility to add the data file locations of your Btrieve files into the DefaultDB database.
You do not need to enter every directory, just the highest level directory that is common to all data files.
- Enable security on DefaultDB using either the Database Properties dialog in PCC, or the
SET SECURITY
statement in SQL.- When logged into DefaultDB as the Master user, grant rights to the PUBLIC user at the database level. For example, if you want to grant all rights to all authenticated users, you would use the statement:
GRANT ALL ON "*" TO PUBLIC
. This statement will give all users the same rights to the data.If you need to grant users varying rights, then you must create group accounts (if applicable) and individual user accounts using the GRANT statement in SQL or using the Users and Groups dialog in PCC.
- Use the Maintain Database Names dialog in PCC to set the Btrieve security policy for DefaultDB to Mixed.
- Secure the data files in the operating system according to your operating system instructions. You can now deny operating system users from having any rights to the data files, without affecting their ability to access the data through the database engine.
For step-by-step instructions for this procedure, see Btrieve Security Quick Start .
Before you Begin
Setting up Btrieve security is a simple process, but it affords enough flexibility that some preparation is necessary. This section describes the information you should know before you begin to set up Btrieve security.
How Many Databases?
For Mixed or Database security, you must either assign all users the same level of permissions, or create a set of defined users for each database.
In some cases where your Btrieve data files encompass two or more completely unrelated bodies of data, you may want to set up two or more separate databases, each with its own set of authorized users. Generally speaking, however, you want to minimize the number of separate databases so that you do not have to create and maintain multiple sets of defined users. Often, a single database is sufficient. User permissions within the database will allow you to regulate each user's access to the database, so you do not need to create separate databases just to limit certain users' access.
If you determine that you need only one database, you may use the pre-existing database, DefaultDB, as the database associated with your Btrieve files. You may also set up your own named database instead.
Where are the Data Files?
You associate a Btrieve data file with a database by specifying the directory containing the data file as a Data Directory for the given named database. Thus, you need to know the directories containing all the data files that you want to associate with the database. If all the data files reside in a sub-directory tree within a specific directory, all you need to know is the top-level directory pathname. You can even use "C:\" if you wish to include all data files on the hard drive.
What are the User Names?
If you plan to use Mixed security, you must either assign all users the same permissions, or set up user accounts for the users whose rights differ from the default (PUBLIC) permissions. If you are going to set up individual users, you must have a list of the operating system user names that you want to make into database user names. The database user names that you set up must match the operating system user names exactly. You can always add additional user names later, but it is more efficient to create several users at once.
What Security Policy?
Before you set up security, you must know what policy you plan to use. The setup process varies somewhat for each policy. Considerations in choosing a policy are presented in Choosing Your Policy .
Process Overview
This section outlines the high-level procedure used to set up security for a database. Detailed, step-by-step instructions are provided in the section that follows.
- Preparation. As specified above in Before you Begin, gather the information you need and make the decisions necessary to get started. How many databases? Where are the Btrieve files located? What are the user names? What security policy will you use?
- Select a database to use with your Btrieve files, and populate the database with the data directory specifying the location of your data files. This step is only necessary for Mixed or Database security.
For details on this step, see To use an existing database, including the pre-defined DefaultDB, with your Btrieve files , or To create a new database for use with your Btrieve files
- Turn on security. On the Database Properties dialog, enter a Master user password to enable security.
For details on this step, see To turn security on for a Database .
- Create users and permissions. Using SQL statements or the Groups and Users dialog in PCC, create your user accounts and/or relevant user privileges. This step is only necessary for Mixed or Database security.
For the fastest, easiest way to grant users access, see To grant the same rights to all users .
- Using the Maintain Named Databases dialog, set the Btrieve Security policy for your database to Mixed or Database. Then restart the database engine.
For details on this step, see To change the security policy for a database .
- Secure the data files in the operating system. Users now can access the data without having any rights to access the data files in the operating system. Refer to your operating system documentation for information on securing access to files.
Prev Security Models and Concepts |
Contents Up Check for Revisions | Next Btrieve Security Quick Start |