Security features available in Adaptive Server

SQL Server version 11.0.6 passed the security evaluation by the National Security Agency (NSA) at the Class C2 criteria. (The requirements for the C2 criteria are given by the Department of Defense in DOD 52.00.28-STD, Department of Defense Trusted Computer System Evaluation Criteria [TCSEC], also known as the “Orange Book.”)

The configuration of SQL Server version 11.0.6 that was evaluated at the C2 security level by the NSA in 1996 on the HP 9000 HP-UX BLS, 9.09+ platform is referred to as the evaluated configuration. Certain features of SQL Server, such as remote procedures and direct updates to system tables, were excluded from the evaluated configuration. Notes in the Adaptive Server documentation indicate particular features that were not included in the evaluated configuration. For a complete list of features that were excluded from the evaluated configuration, see Appendix A in the SQL Server Installation and Configuration Guide for HP 9000 HP-UX BLS, 9.09+.

Adaptive Server contains all of the security features included in SQL Server version 11.0.6 plus some new security features. Table 9-1 summarizes the major features.

Table 9-1: Major Security Features

Security feature

Description

Discretionary Access Controls (DAC)

Provides access controls that give object owners the ability to restrict access to objects, usually with the grant and revoke commands. This type of control is dependent upon an object owner’s discretion.

Identification and authentication controls

Ensures that only authorized users can log into the system.

Division of roles

Allows you to grant privileged roles to specified users so that only designated users can perform certain tasks. Adaptive Server has predefined roles, called “system roles,” such as System Administrator and System Security Officer. In addition, Adaptive Server allows System Security Officers to define additional roles, called “user-defined roles.”

Network-based security

Provides security services to authenticate users and protect data transmitted among machines on a network.

Auditing

Provides the capability to audit events such as logins, logouts, server start operations, remote procedure calls, accesses to database objects, and all actions performed by a specific user or with a particular role active. In addition, Adaptive Server provides a single option to audit a set of server-wide security-relevant events.