InterBase User Security – InterBase Labs

InterBase User Security

User Security isn’t new; everyone is used to logging into the applications they use. To help developers build cross-platform applications faster, InterBase has a flexible API for user security that simplifies access to data held in InterBase, regardless of whether your application is deployed to Windows, Mac, Linux, iOS or Android.

User Security in InterBase helps control WHO gets to see WHAT and is enhanced with a strong encryption model (which I covered in the Rising to the Data Security Challenge webinar), so let’s focus on the foundations of user security in this article.

Planning your data security!

Before you create an application (or expand an existing application), it is important to know what data you are going to collect, where it is going to be stored and who is going to access it. This is general good practice in terms of data protection laws.

Data Controller and Data Processor

Once you know who is going to be working with the data, you can then:

  1. Break down responsibilities into ROLES that match the level of access they should have to the data. (You may find that many people hold several roles, some shared with others and some different.)
  2. Create roles in the database to match the identified functional roles.
  3. Grant rights to the roles in the database to work with the required data.
  4. Assign the roles to the individual users in the database.

In InterBase you can control and set the following rights for data (on tables / stored procedures):

  • Select
  • Insert
  • Update
  • Delete
  • Encrypt
  • Decrypt
  • Reference
  • Execute
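
Steps 2 to 4 above, written out as InterBase SQL for an isql session. This is an added example, not code from the original article: the table, procedure, role and user names are hypothetical, and the users ALICE and BOB are assumed to exist already in the security database.

```sql
/* Hypothetical schema used only for this example */
CREATE TABLE EMPLOYEE (
  EMP_ID    INTEGER NOT NULL PRIMARY KEY,
  FULL_NAME VARCHAR(60) NOT NULL,
  SALARY    NUMERIC(10,2)
);

SET TERM ^ ;
CREATE PROCEDURE ADJUST_SALARY (P_EMP_ID INTEGER, P_SALARY NUMERIC(10,2))
AS
BEGIN
  UPDATE EMPLOYEE SET SALARY = :P_SALARY WHERE EMP_ID = :P_EMP_ID;
END ^
SET TERM ; ^

/* Step 2: one database role per functional role */
CREATE ROLE HR_VIEWER;
CREATE ROLE PAYROLL_ADMIN;

/* Step 3: grant rights to the roles, not to individual users */
GRANT SELECT ON EMPLOYEE TO HR_VIEWER;
GRANT SELECT, INSERT, DELETE ON EMPLOYEE TO PAYROLL_ADMIN;
GRANT UPDATE (FULL_NAME) ON EMPLOYEE TO PAYROLL_ADMIN;

/* Salary changes go only through the procedure: the role gets EXECUTE,
   and the procedure itself holds the table rights it needs */
GRANT EXECUTE ON PROCEDURE ADJUST_SALARY TO PAYROLL_ADMIN;
GRANT SELECT, UPDATE ON EMPLOYEE TO PROCEDURE ADJUST_SALARY;

/* Step 4: assign roles to users; one user can hold several roles */
GRANT HR_VIEWER TO ALICE;
GRANT HR_VIEWER TO BOB;
GRANT PAYROLL_ADMIN TO BOB;

/* A role only takes effect when named at connect time, e.g. in isql:
   CONNECT 'employee.ib' USER 'BOB' PASSWORD '<password>' ROLE 'PAYROLL_ADMIN';
   Without the ROLE clause BOB has only rights granted to him directly. */

/* Changing the role changes access for every user who holds it */
REVOKE DELETE ON EMPLOYEE FROM PAYROLL_ADMIN;
```

Because a connection carries the single role named in CONNECT, BOB reconnects with a different ROLE to switch between viewer and payroll access.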

Why use Roles?

Adding InterBase Roles makes it easier to update the access rights of a specific group of users and ensures that the change is reflected across all InterBase users of that role immediately. This saves managing all users individually, which would quickly lead to a fragmented setup. ROLES also allow users to wear multiple organisational hats easily and to access the appropriate data accordingly.

 
