Download eBook (PDF) - Red Gate Software

CHAPTER 2: DATACLASSIFICATION AND ROLESThe systematic arrangement of items, based upon their similarity, is a naturaltendency of humans. We categorize living beings into classes, establish genresof entertainment, define nationalities of people, specify types of food anddesignate criteria of celestial objects. This practice is referred to asclassification.The process of classification of sensitive data is that of identifying patterns andsimilarities between different types of data so that we can define a commonapproach to securing it. Having classified our data, we will be able to apply theappropriate level of security to it, and communicate the policies that determinehow the data will be handled by its users.In this chapter, using an example HomeLending database, we will:• Define some simple "sensitivity classes" that can be used to groupcolumns of data according to their level of sensitivity.• Create Database Roles through which we can control access to eachclass of data.• Assign membership of each role.• Use SQL Server extended properties to assign a sensitivity class toeach database column.Finally, we'll discuss how this simple classification might be extended for morespecific requirements, and how we define and allocate the data handlingpolicies appropriate for each class of data.Introducing the HomeLending DatabaseBefore we begin in earnest, it will be useful to review a few details regardingour sample HomeLending database which will be used to illustrate the topicsin this book. This will be a simplified version of a database that might be usedby a financial institution for the purpose of managing the home equity andmortgage loan application process. A copy of the script that will create thisdatabase in your own instance of SQL Server can be obtained from thefollowing URL:http://www.simple-talk.com/RedGateBooks/JohnMagnabosco/HLSchema.zip37