There are various internal features of an iBase database that can be used to apply levels of security. All features are optional and can be added as their usefulness becomes apparent.
Auditing is included here but it can have other uses, including review of analysis steps that are taken to reach a result. In SQL Server databases, auditing is also used with alerting to give users information on why an alert is raised.
The need for security
Security has several aspects, which can depend on legislative and operational circumstances.
- Restricting access to sensitive data.
- Providing a record of how data was added, changed, viewed, or exported to other systems.
- Assurance that data is protected from deliberate or accidental change.
- Assurance that sensitive data is protected from inappropriate viewing or other use.
- Simple and appropriate working environments for staff in different functional areas or operational groups.
The fundamentals of computer and database security apply to iBase. The first levels of protection are control of physical access and proper use of login identifiers and passwords. Full information about physical access control is outside the scope of this document, but you should not ignore the need for it.
User names and passwords
With iBase, you use user names and passwords to control access to databases, either database by database or in groups of databases (controlled by the same security file). You can choose to use Windows user names (single sign-on) or iBase user names.
All user names and passwords are stored in encrypted form, in security files, typically held in the same folder with the databases that they control.
- Database permissions, to read or alter data.
- Command access or denial, and usage monitoring.
- Data access, for viewing or changing records.
- Folder objects, to provide private storage of analysis methods.
Groups and their membership are held in the same security files as user identifiers and passwords.
A final aspect of security is monitoring the use of databases, user access, and use of commands. iBase supports monitoring through audit logs and provides a dedicated application for viewing and analyzing logs.