Prev | What's New in Pervasive.SQL V8.5 | Next |
Planning Your Security Scheme
After you install this product, the default behavior for security is the same as the previous release; that is, the database engine uses Classic or OS-based authentication and authorization. Any user with permission to access a given data file through the operating system will have the same level of permission to access the data records contained within the file, unless you are using Btrieve owner names to restrict access to the data files.
This section describes the steps you must follow to set up the default database, authorized users, and other aspects of the new Btrieve security policies.
Available Options
There are three security options available to you. The features of these options are described below to help you choose which is best for you. Encryption is optional in every configuration.
The following table shows how rights are assigned using the various security policies.
Under Database security, database user accounts are completely unrelated to OS user accounts and OS-level file access rights can and should be removed in order to ensure data privacy.
In contrast, under Classic security, a user who succesfully logs into the computer has access to the database contents, at whatever level of filesystem rights that the user has been assigned to the file that contains the data.
Lastly, the Mixed security policy has aspects of both of the other policies. Under this scheme, users login using their OS user names and passwords, but then the users access rights to the data are governed by user permissions set up in the database.
Choosing Your Policy
This section describes some of the major reasons you might choose one security policy over another.
Reasons to Choose Classic
- You are comfortable with your users having filesystem access to your data files. For example, any user with rights to delete records from the data file can also delete the entire file from your operating system. Note that some government regulations such as HIPAA specifically prohibit this kind of behavior. Consult your legal advisor for issues regarding compliance with government regulations.
- You want the minimum administrative hassle; you don't want to set up both OS user accounts for each user and at least one database account (PUBLIC account defines permissions for all users).
- You do not need to have a variety of data access rights that vary from each user's filesystem rights.
- You don't want your users to have a separate login for the database.
Reasons to Choose Mixed
- You don't want your users to have a separate login for the database.
- You want to prevent valid database users from having any rights to the data files on the operating system. For example, you can prevent users who have all rights to in the database from having rights to delete data files from the operating system.
- You are willing to set up database user accounts that have the same user names as OS user accounts, and you are willing to assign permissions to each database user. Or, all your users have the same level of permissions, and you can address their needs by assigning permissions to one database user account, PUBLIC.
Reasons to Choose Database
- You want to have a separate login for the database. That is, after logging into the operating system, users must login again to the database. This behavior is useful when some authorized computer users are permitted access to the database and some are not.
- You want to prevent valid database users from having any rights to the data files on the operating system. For example, you can prevent users who have all rights in the database from having rights to delete data files from the operating system. You can also achieve this goal using the Mixed security policy.
- You want database user accounts that use different names than the operating system accounts. For example, operating system user "jsmith" might be required to login to the database as "john."
The Simplest Way to Secure your Data Files at the Operating System Level
If your primary concern is simply to implement a Btrieve security scheme such that your database users do not have rights to copy, overwrite, or delete the data files in the operating system, then this section describes an overview of what you need to do.
- Install Pervasive.SQL 8.5 database engine.
As long as you do not use wire encryption, V8 clients are compatible with the V8.5 engine. You are not required to upgrade the clients.
- In PCC, use the Maintain Database Names utility to add the data file locations of your Btrieve files into the DefaultDB database.
You do not need to enter every directory, just the highest level directory that is common to all data files.
- Enable security on DefaultDB using either the Database Properties dialog in PCC, or the
SET SECURITY
statement in SQL.- When logged into DefaultDB as the Master user, grant rights to the PUBLIC user at the database level. For example, if you want to grant all rights to all authenticated users, you would use the statement:
GRANT ALL ON * TO PUBLIC
. This statement will give all users the same rights to the data.If you need to grant users varying rights, then you must create group accounts (if applicable) and individual user accounts using the GRANT statement in SQL or using the Users and Groups dialog in PCC.
- Use the Maintain Database Names dialog in PCC to set the Btrieve security policy for DefaultDB to Mixed.
- Secure the data files in the operating system according to your operating system instructions. You can now deny operating system users from having any rights to the data files, without affecting their ability to access the data through the database engine.
For step-by-step instructions for this procedure, see Btrieve Security Quick Start .
Prev Setting Up Btrieve Security |
Contents Up Check for Revisions | Next Before you Begin |