Table 1-2 summarizes the major security features that are available for Adaptive Server. For information about configuring Adaptive Server for security, see Part 2 of this manual.
Security feature |
Description |
Where |
|---|---|---|
Identification and authentication controls |
Ensures that only authorized users can log in to the system. In addition to password-based login authentication, Adaptive Server supports external authentication using Kerberos, LDAP, or pluggable authentication modules (PAM). |
|
Discretionary access controls (DAC) |
Provides access controls that let object owners restrict access to objects, usually with the grant and revoke commands. This type of control is dependent upon an object owner’s discretion. |
|
Division of roles |
Allows an administrator to grant privileged roles to specified users so only designated users can perform certain tasks. Adaptive Server has predefined roles, called “system roles,” such as system administrator and system security officer. In addition, Adaptive Server allows system security officers to define additional roles, called “user-defined roles.” |
|
Accountability |
Provides the ability to audit events such as logins, logouts, server start operations, remote procedure calls, accesses to database objects, and all actions performed by a specific user or with a particular role active. Adaptive Server also provides a single option to audit a set of server-wide, security-relevant events. |
|
Confidentiality of data |
Maintains a confidentiality of data using encryption for client/server communication, available with Kerberos or secure sockets layer (SSL). Inactive data is kept confidential with password-protected database backup. |
