Planning Your Security Scheme

---

After you install this product, the default behavior for security is the same as the previous release; that is, the database engine uses Classic or OS-based authentication and authorization. Any user with permission to access a given data file through the operating system will have the same level of permission to access the data records contained within the file, unless you are using Btrieve owner names to restrict access to the data files.

This section describes the steps you must follow to set up the default database, authorized users, and other aspects of the new Btrieve security policies.

Available Options

There are three security options available to you. The features of these options are described below to help you choose which is best for you. Encryption is optional in every configuration.

 
Table 4-1 Feature Comparison of Security Policies

Feature	Classic	Mixed	Database
Users' data access rights are derived directly from OS users' file system rights	ü
Users' data access rights are unrelated to users' file system rights if OS-level file access rights are removed for those users.		ü	ü
Database user accounts are derived directly from OS user accounts; Database accepts successful OS login as valid database user	ü	ü
User must log into database separately from logging into computer; OS user accounts have no bearing on authorization or access.			ü
Supports automatic pop-up dialog for entering database user name and password from any Pervasive-based Windows application when server configuration permits.			ü

The following table shows how rights are assigned using the various security policies.

 
Table 4-2 Permissions Defined Comparison of Security Policies

Feature	Classic	Mixed	Database
To assign individual-level rights, Administrator must set up separate OS and database user accounts for each user.		ü	ü
To assign a set of default privileges for a set of users in your organization, administrators can define a group with a set of privileges, and then add users to that group. Users that are members of groups other than PUBLIC cannot have individual rights.		ü	ü
To assign a set of default privileges for all users who are not members of a group, administrators can assign the privileges to the PUBLIC group. All users who are not explicitly a member of a group are considered implicit members of the PUBLIC group. A user who is a member of PUBLIC inherently possesses the sum of user-level and PUBLIC rights.		ü	ü
All user rights are related to OS file-level rights.	ü

Under Database security, database user accounts are completely unrelated to OS user accounts and OS-level file access rights can and should be removed in order to ensure data privacy.

In contrast, under Classic security, a user who succesfully logs into the computer has access to the database contents, at whatever level of filesystem rights that the user has been assigned to the file that contains the data.

Lastly, the Mixed security policy has aspects of both of the other policies. Under this scheme, users login using their OS user names and passwords, but then the users access rights to the data are governed by user permissions set up in the database.

Choosing Your Policy

This section describes some of the major reasons you might choose one security policy over another.

Reasons to Choose Classic

• You are comfortable with your users having filesystem access to your data files. For example, any user with rights to delete records from the data file can also delete the entire file from your operating system. Note that some government regulations such as HIPAA specifically prohibit this kind of behavior. Consult your legal advisor for issues regarding compliance with government regulations.
• You want the minimum administrative hassle; you don't want to set up both OS user accounts for each user and at least one database account (PUBLIC account defines permissions for all users).
• You do not need to have a variety of data access rights that vary from each user's filesystem rights.
• You don't want your users to have a separate login for the database.

Reasons to Choose Mixed

• You don't want your users to have a separate login for the database.
• You want to prevent valid database users from having any rights to the data files on the operating system. For example, you can prevent users who have all rights to in the database from having rights to delete data files from the operating system.
• You are willing to set up database user accounts that have the same user names as OS user accounts, and you are willing to assign permissions to each database user. Or, all your users have the same level of permissions, and you can address their needs by assigning permissions to one database user account, PUBLIC.

Reasons to Choose Database

• You want to have a separate login for the database. That is, after logging into the operating system, users must login again to the database. This behavior is useful when some authorized computer users are permitted access to the database and some are not.
• You want to prevent valid database users from having any rights to the data files on the operating system. For example, you can prevent users who have all rights in the database from having rights to delete data files from the operating system. You can also achieve this goal using the Mixed security policy.
• You want database user accounts that use different names than the operating system accounts. For example, operating system user "jsmith" might be required to login to the database as "john."

The Simplest Way to Secure your Data Files at the Operating System Level

If your primary concern is simply to implement a Btrieve security scheme such that your database users do not have rights to copy, overwrite, or delete the data files in the operating system, then this section describes an overview of what you need to do.

1. Install Pervasive.SQL 8.5 database engine.

   As long as you do not use wire encryption, V8 clients are compatible with the V8.5 engine. You are not required to upgrade the clients.

2. In PCC, use the Maintain Database Names utility to add the data file locations of your Btrieve files into the DefaultDB database.

   You do not need to enter every directory, just the highest level directory that is common to all data files.

3. Enable security on DefaultDB using either the Database Properties dialog in PCC, or the SET SECURITY statement in SQL.
4. When logged into DefaultDB as the Master user, grant rights to the PUBLIC user at the database level. For example, if you want to grant all rights to all authenticated users, you would use the statement: GRANT ALL ON * TO PUBLIC. This statement will give all users the same rights to the data.

   If you need to grant users varying rights, then you must create group accounts (if applicable) and individual user accounts using the GRANT statement in SQL or using the Users and Groups dialog in PCC.

5. Use the Maintain Database Names dialog in PCC to set the Btrieve security policy for DefaultDB to Mixed.
6. Secure the data files in the operating system according to your operating system instructions. You can now deny operating system users from having any rights to the data files, without affecting their ability to access the data through the database engine.

For step-by-step instructions for this procedure, see Btrieve Security Quick Start .