Table 13-4: Major security features
Security feature
|
Description
|
|---|
Identification and authentication
controls
|
Ensures that only authorized users can
log into the system. In addition to password based login authentication,
Adaptive Server supports external authentication using Kerberos, LDAP,
or PAM.
|
Discretionary Access Controls
(DAC)
|
Provides access controls that give object
owners the ability to restrict access to objects, usually with the grant and revoke commands.
This type of control is dependent upon an object owner’s
discretion.
|
Division of roles
|
Allows an administrator to grant privileged
roles to specified users so only designated users can perform certain
tasks. Adaptive Server has predefined roles, called “system roles,” such
as System Administrator and System Security Officer. In addition,
Adaptive Server allows System Security Officers to define additional
roles, called “user-defined roles.”
|
Accountability
|
Provides the ability to audit events
such as logins, logouts, server start operations, remote procedure
calls, accesses to database objects, and all actions performed by
a specific user or with a particular role active. Adaptive Server
also provides a single option to audit a set of server-wide security-relevant
events.
|
Confidentiality of data
|
Maintains a confidentiality of data using
encrytion for Client-Server communications, available with Kerberos
or SSL. Data that is not active is kept confidential with password-protected
database backup.
|
