Access control

There are various internal features of an iBase database that can be used to apply levels of security. All features are optional and can be added as their usefulness becomes apparent.

Auditing is included here but it can have other uses, including review of analysis steps that are taken to reach a result. In SQL Server databases, auditing is also used with alerting to give users information on why an alert is raised.

The need for security

Security has several aspects, which can depend on legislative and operational circumstances.

You might need to apply security for several reasons, such as:
  • Restricting access to sensitive data.
  • Providing a record of how data was added, changed, viewed, or exported to other systems.

The benefits of an appropriate security policy and its implementation can include:
  • Assurance that data is protected from deliberate or accidental change.
  • Assurance that sensitive data is protected from inappropriate viewing or other use.
  • Simple and appropriate working environments for staff in different functional areas or operational groups.

Applying security

The fundamentals of computer and database security apply to iBase. The first levels of protection are control of physical access and proper use of login identifiers and passwords. Full information about physical access control is outside the scope of this document, but you should not ignore the need for it.

User names and passwords

With iBase, you use user names and passwords to control access to databases, either database by database or in groups of databases (controlled by the same security file). You can choose to use Windows user names (single sign-on) or iBase user names.

All user names and passwords are stored in encrypted form in security files, which are typically held in the same folder as the databases that they control.

After a user has access to a database, they might be subject to the following types of security:
  • Database permissions, to read or alter data.
  • Command access or denial, and usage monitoring.
  • Data access, for viewing or changing records.
  • Folder objects, to provide private storage of analysis methods.

Each of these types of security is applied through a dedicated type of security group, with a common method of defining their membership. See Types of Group for details.

Groups and their membership are held in the same security files as user identifiers and passwords.

Auditing

A final aspect of security is monitoring the use of databases, user access, and use of commands. iBase supports monitoring through audit logs and provides a dedicated application for viewing and analyzing logs.