SAP Sybase ASE 15.7 ESD#2 – Separation of Duties

    By: Peter Dobler on Apr 05, 2013

    Protecting sensitive data from prying eyes is a hot topic these days. According to Gartner research results, 70% of high-cost security incidents occur when data from inside the organization gets out. Most data leakage occurs either by accident, or because of poor business processes.

    SAP Sybase ASE 15.7 ESD#2 has introduced a new security feature called Granular Permissions. This is a new feature that enables database administrators to fine tune the “separation of duties” that were in place since the introduction of role based security. Granular Permissions offer organizations the path to avoid security breaches, and have tighter control over which users can access sensitive data.

    Granular Permissions are grantable system privileges that allow you to enforce “separation of duties.” For tight access control, all users in a database environment should be granted the least amount of privileges possible required for doing their job. Granular Permissions reconstruct system-defined roles (sa_role, sso_role, oper_role and application_role) to a set of explicitly granted privileges. In other words, Granular Permissions divide role-based security into individual, grantable privileges that can be assigned to and revoked from any database user. System privileges can overlap. Some privileges imply another, more granular privileges. In this case, it is important to understand the hierarchy of the privileges to grant exactly the right ones.

    Login to read the article. Not a member? Create a free account!

    Released: April 5, 2013, 8:03 am | Updated: January 30, 2014, 7:49 pm
    Keywords: ASE DBA Article | Technical Journal | ASE | ASE 15.7 | ASE 15.7 ESD #2 | ASE DBA | Data Security | Peter Dobler


     

     

    TwitterLLinkedinLFacebook

    Copyright © 2014 ISUG-TECH. All Rights Reserved
    All material, files, logos and trademarks within this site are copyright their respective organizations

    Terms of Service - Privacy Policy - Contact the Help Desk