Submodule 1: Overview fo Database Security

Assignment 1
Security Policies and Access Rules

Created: July 14, 2003
Last Updated: February 10, 2004

Assignment version number: Version 0.1
Author of the Assignment: Author: Dr. Morris Liaw


Level of Difficulty: Moderate

Completion Time: 2weeks

Progaramming involved: No


Objectives

In this project, students will investigate the database security policies and access rules for a small company.

Note:

A database must have a solid security system to control which activities can be performed and which information can be viewed and modified.
A solid security system must ensure the protection of data, regardless of how users gain access to the database.

Description

In a small Houston company, multiple people perform various tasks in the database. Supposed Joe Tuck, a database administrator, is responsible for the database environment: creating the database, tables, and security accounts, performing backups, and tuning the database. Two developers, Mary Smith and Brian White, are responsible for writing client applications to provide an interface to the data. Managers prepare information reports from the database and so need access to all available data. Administrative staffs perform customer and sales data entry and must be able to view all data.

The Project

1. List all the items and activities in the database that must be controlled through security.
2. Identify the individuals and groups in the company.
3. Cross-reference the two lists to identify which users can see which sets of data and perform which activities in the database.
4. Write up the plan to set up the database security system for the above small company.

Resources

Books
Articles
Links

Glossary