IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
access rights, so that security pitfalls are created. In particular, the
possibility of granting rights to all users (GRANT ... TO PUBLIC) should
not be used.
In general, only the owner of a database object is allowed to grant access
rights to other users. However, some database systems also allow the
owner of a database object to authorise other users to grant access rights.
This facility should only be made use of in exceptional cases, as it no
longer allows the access control of data and database objects.
- Restrictive access to data via applications
Applications should support restrictive access to data, i.e. only those
functions and data actually required by users for fulfilling their
responsibilities should be made available to them (in accordance with the
user IDs and the group memberships). One method of implementing this is
through the use of stored procedures.
Stored procedures are sequences of SQL statements which have been
stored in the database in a pre-optimised manner. To invoke a stored
procedure, only its name and, if applicable, certain parameters need to be
entered in order to execute the underlying SQL statements. This is
advantageous, because not all of the SQL statements need to be transferred
to the database server, thus reducing the load on the network when
complex operations are involved. Furthermore, the database system is able
to store the SQL statements in an optimised manner, so that they can be
executed more rapidly. The greatest restriction which can be imposed for
the purpose of access control is to allocate access rights for stored
procedures instead of tables or views. If access rights are just allocated for
stored procedures, then users can only invoke operations which have been
enabled by the database administrators.
Examples:
1. In MS Access, different access rights can be granted for the database itself
(open/execute, exclusive, administer) as well as for the tables and queries
(read data, update data, delete data, add data). These rights can be assigned
to various users and user groups. In MS Access, the groups named
"administrators" and "users" have been configured by default; the "users"
group contains the "read data" and "update data" rights for tables and
queries, and the "open/execute" rights for databases. To allow a detailed
control of access rights, it is possible to define separate groups which can
be assigned different rights. This can be done in the menu titled Extras
under the items Access rights and User and group accounts.
2. In an Oracle database, a group named "Department_1" can be created with
the following instruction:
CREATE ROLE Department_1 IDENTIFIED BY ;
In the following example, the group named "Department_1" is granted the
right to establish a connection with a database and to create a session:
GRANT CONNECT, CREATE SESSION TO Department_1;
In the following example, the same group is granted the right to perform a
SELECT on the table named "Test":
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000