Pervasive logo

Prev What's New in Pervasive.SQL V8.5 Next

Planning Your Security Scheme


After you install this product, the default behavior for security is the same as the previous release; that is, the database engine uses Classic or OS-based authentication and authorization. Any user with permission to access a given data file through the operating system will have the same level of permission to access the data records contained within the file, unless you are using Btrieve owner names to restrict access to the data files.

This section describes the steps you must follow to set up the default database, authorized users, and other aspects of the new Btrieve security policies.

Available Options

There are three security options available to you. The features of these options are described below to help you choose which is best for you. Encryption is optional in every configuration.

 
Table 4-1 Feature Comparison of Security Policies

Feature
Classic
Mixed
Database
Users' data access rights are derived directly from OS users' file system rights

ü



Users' data access rights are unrelated to users' file system rights if OS-level file access rights are removed for those users.

ü

ü

Database user accounts are derived directly from OS user accounts; Database accepts successful OS login as valid database user

ü

ü


User must log into database separately from logging into computer; OS user accounts have no bearing on authorization or access.


ü

Supports automatic pop-up dialog for entering database user name and password from any Pervasive-based Windows application when server configuration permits.


ü

The following table shows how rights are assigned using the various security policies.

 
Table 4-2 Permissions Defined Comparison of Security Policies

Feature
Classic
Mixed
Database
To assign individual-level rights, Administrator must set up separate OS and database user accounts for each user.

ü

ü

To assign a set of default privileges for a set of users in your organization, administrators can define a group with a set of privileges, and then add users to that group. Users that are members of groups other than PUBLIC cannot have individual rights.

ü

ü

To assign a set of default privileges for all users who are not members of a group, administrators can assign the privileges to the PUBLIC group. All users who are not explicitly a member of a group are considered implicit members of the PUBLIC group. A user who is a member of PUBLIC inherently possesses the sum of user-level and PUBLIC rights.

ü

ü

All user rights are related to OS file-level rights.

ü



Under Database security, database user accounts are completely unrelated to OS user accounts and OS-level file access rights can and should be removed in order to ensure data privacy.

In contrast, under Classic security, a user who succesfully logs into the computer has access to the database contents, at whatever level of filesystem rights that the user has been assigned to the file that contains the data.

Lastly, the Mixed security policy has aspects of both of the other policies. Under this scheme, users login using their OS user names and passwords, but then the users access rights to the data are governed by user permissions set up in the database.

Choosing Your Policy

This section describes some of the major reasons you might choose one security policy over another.

Reasons to Choose Classic

Reasons to Choose Mixed

Reasons to Choose Database

The Simplest Way to Secure your Data Files at the Operating System Level

If your primary concern is simply to implement a Btrieve security scheme such that your database users do not have rights to copy, overwrite, or delete the data files in the operating system, then this section describes an overview of what you need to do.

  1. Install Pervasive.SQL 8.5 database engine.

    As long as you do not use wire encryption, V8 clients are compatible with the V8.5 engine. You are not required to upgrade the clients.

  2. In PCC, use the Maintain Database Names utility to add the data file locations of your Btrieve files into the DefaultDB database.

    You do not need to enter every directory, just the highest level directory that is common to all data files.

  3. Enable security on DefaultDB using either the Database Properties dialog in PCC, or the SET SECURITY statement in SQL.
  4. When logged into DefaultDB as the Master user, grant rights to the PUBLIC user at the database level. For example, if you want to grant all rights to all authenticated users, you would use the statement: GRANT ALL ON * TO PUBLIC. This statement will give all users the same rights to the data.

    If you need to grant users varying rights, then you must create group accounts (if applicable) and individual user accounts using the GRANT statement in SQL or using the Users and Groups dialog in PCC.

  5. Use the Maintain Database Names dialog in PCC to set the Btrieve security policy for DefaultDB to Mixed.
  6. Secure the data files in the operating system according to your operating system instructions. You can now deny operating system users from having any rights to the data files, without affecting their ability to access the data through the database engine.

For step-by-step instructions for this procedure, see Btrieve Security Quick Start .


Prev
Setting Up Btrieve Security
Contents
Up
Check for Revisions
Next
Before you Begin