Building a Database Access Structure

In this manual, we group within the concept of database access, the objects that are used to let database users carry out their jobs while preserving the privacy and integrity of the information within the database.

Depending on the target DBMS, the setting up of a secure database environment implies the following tasks:

Creation of users (see Users (PDM))
Creation of groups (see Groups (PDM))
Creation of roles (see Roles (PDM))
Definition of system privileges (see Granting system privileges)
Definition of object permissions (see Granting object permissions)

Reverse Engineering

During reverse engineering by script, the permission and privilege grant orders are reverse engineered only if the user, group, or role already exist in the model or, in the case of a new model, if the user, group, or role creation orders are in the same script.

These restrictions do not apply to reverse engineering from a live database connection.

Users (PDM)
A user is a database object that identifies a person who can login or connect to the database.
Roles (PDM)
A role is a predefined profile that can be assigned to users, or roles in those DBMS that support this concept. Roles are reverse engineered in your model and you can also create user-defined roles.
Groups (PDM)
Groups are used to facilitate the granting of privileges and permissions to users. They prevent the time-consuming and error-prone process of assigning privileges and permissions individually to each user.
Synonyms (PDM)
A synonym is an alternative name for various types of objects (table, view, sequence, procedure, function, synonym or database package).

Parent topic: Building Data Models