19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation Remarks

S 2.132 Provisions for configuring database users / user groups

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

Users and user groups need to be configured in order to ensure an appropriate allocation of access rights (refer to S 2.129 Controlling access to database information) as well as correct and controlled operation. For this purpose, every database user generally receives an internal database ID with which the database identifies the user. This ensures that only authorised persons can access the database.

As described in S 2.30 Provisions governing the designation of users and user groups, a form should be prepared for the purpose of gathering details pertaining to each user and user group:

- Surname, first name
- Proposed user ID (if not assigned by conventions)
- Organisational unit
- Reachability (e.g. telephone, room)
- If applicable: project
- If applicable: intended applications which should be used and need to access the database system
- If applicable: details on planned activities in the database system - including their duration - and the rights required for this purpose
- If applicable: restrictions imposed on times, access rights (for certain tables, views etc.) and restricted user environments
- If applicable: approval by superiors

A limited number of authorisation profiles must be specified. New users are assigned to one or more profiles, thus receiving precisely those rights which are required for performing their individual activities. Database-specific possibilities of configuring users and user groups need to be considered here. It is advisable to specify naming conventions for user IDs and group IDs (e.g. user ID = abbreviation of organisational unit || serial number).

User, role, and group profiles can be used here. If possible, user-specific profiles should not be employed, as a high number of users would require a great deal of administrative effort. A balance needs to be struck between restrictive and liberal authorisation profiles when defining group profiles. If group profiles are made too restrictive, a large number of groups will need to be maintained, thus requiring a lot of administrative effort. If group profiles are made too liberal, redundancies could arise between the different groups, or granted rights could prove unnecessarily extensive, thus holding a potential for impairing the confidentiality of data.

As a rule, every user should be assigned a separate database ID; several users must not be allowed to operate under the same ID.
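
The provisions above, sketched as an added example that is not part of the manual: group profiles as non-login roles, one named ID per person, and three checks an administrator can run against the result. PostgreSQL syntax is assumed; the `hr` schema, its tables, the role names, the dates and the exact ID format (2-4 letters plus 4 digits) are hypothetical.

```sql
-- Added example. PostgreSQL assumed; all object, role and user names are hypothetical.
CREATE SCHEMA hr;
CREATE TABLE hr.employee (id int PRIMARY KEY, name text, unit text, salary numeric);
CREATE TABLE hr.absence  (employee_id int REFERENCES hr.employee, day date);
CREATE VIEW  hr.employee_directory AS SELECT id, name, unit FROM hr.employee;

-- A limited number of authorisation profiles, modelled as roles that cannot log in.
CREATE ROLE profile_hr_read  NOLOGIN;
CREATE ROLE profile_hr_clerk NOLOGIN;
GRANT USAGE ON SCHEMA hr TO profile_hr_read, profile_hr_clerk;
GRANT SELECT ON hr.employee_directory TO profile_hr_read;  -- view only, no salary column
GRANT SELECT, INSERT, UPDATE ON hr.absence TO profile_hr_clerk;

-- One database ID per person, named "organisational unit abbreviation || serial number".
-- VALID UNTIL expires the password at the end of the approved activity (constructed date);
-- the password itself is set separately by the administrator.
CREATE ROLE hr0001 LOGIN CONNECTION LIMIT 2 VALID UNTIL '2030-12-31';
CREATE ROLE hr0002 LOGIN CONNECTION LIMIT 2 VALID UNTIL '2030-12-31';
GRANT profile_hr_read TO hr0001;
GRANT profile_hr_read, profile_hr_clerk TO hr0002;

-- Check 1: login IDs that do not follow the naming convention.
-- Administrative IDs such as the bootstrap superuser will appear here as well.
SELECT rolname
FROM pg_roles
WHERE rolcanlogin AND rolname !~ '^[a-z]{2,4}[0-9]{4}$';

-- Check 2: rights granted directly to a login ID instead of through a profile,
-- i.e. user-specific profiles creeping in. Run as a superuser to see all grants;
-- object owners are listed for their own objects.
SELECT g.grantee, g.table_schema, g.table_name, g.privilege_type
FROM information_schema.role_table_grants AS g
JOIN pg_roles AS r ON r.rolname = g.grantee
WHERE r.rolcanlogin
  AND g.table_schema NOT IN ('pg_catalog', 'information_schema')
ORDER BY g.grantee, g.table_schema, g.table_name;

-- Check 3: heuristic indicator of a shared ID: one ID with live sessions
-- from more than one client address.
SELECT usename, count(DISTINCT client_addr) AS client_addresses
FROM pg_stat_activity
WHERE client_addr IS NOT NULL
GROUP BY usename
HAVING count(DISTINCT client_addr) > 1;
```

Check 3 only sees sessions that are open at the moment it runs, so it is a prompt for follow-up rather than proof that an ID is shared.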

IT-Baseline Protection Manual: October 2000
