how can i secure the access to my data base ?

[suze]

Hello my friends or rather my savers
My problem it is that I manage a database under ingres2006 or are to it users exploits it with applications developed by old Open Road 2 .1
In this BDD nothing is protected all users can call the Tables utility and isql as well as the accesses by ODBC Windows
Please propos me solutions where I can restrict the access. And protect tables of my data base
Thank you !

RQ:

When we install Ingres on a PC Customer the following software is installed to him:
1- Open Road
2- Ingres Net Customer + patch
3- ODBC Ingres in order to use it in applications such as hook Crystal Reports
4- we create Virtual Nœud
5- And to launch the OpenRoad applications (Customer) or the images Open Road we create a short cut of the image and we modify the properties of the short cut like continuation: C:\oping\ingres\bin\w4glrun.exe - dNOUED:: DATABASE c:\image\imageopenfroad.img
i give you these detail because the problem can be in the procedure

--------------------Message in frensh---------------------------------------------------

Salut mes amis ou plutôt mes sauveurs
Mon problème c’est que j’administre une base de données sous ingres2006 ou l’es utilisateurs l’exploite grâce a des applications développées par l’ancien Open Road 2 .1
Dans cette BDD rien n’est sécurisé les utilisateurs peuvent tous appeler l’utilitaire Tables et isql ainsi que les accès par ODBC Windows
Veuillez me proposés des solutions où je peux restreindre l’accès .
Merci
rq:
Lorsque on installe ingres sur un PC Client on lui installe les logiciels suivants :
1- Open Road
2- Ingres Net Client + patch
3- ODBC Ingres afin de l’utiliser dans des applications telles que crystal Report
4- On cree un Virtual Nœud
5- Et pour lancer les applications Open Road (Client) ou les images Open Road on crée un raccourci de l’image et on modifier les propriétés du raccourci comme suite :
C:\oping\ingres\bin\w4glrun.exe -dNOUED :: DATABASE c:\image\imageopenfroad.img

Je vous donne ces détailles car peut être le problème est la

[suze]

please give's me somme think !!!!!!

[rhann]

This is pretty fundamental stuff so I suggest you get hold of a copy of Rick van der Lans' excellent SQL Guide to Ingres because there is much else in it that you will find helpful. Chapter 23 covers your question quite succinctly.

[suze]

thank you Mr rahnn I will see it and I you will return to account I m' sorry for my average english

[suze]

Thank you Mr. Roy for your proposal but unfortunately (malheureusement ) it is beyond my financial means On the one hand and on the other hand I do not have the means techenic to pay the editor because in Algeria there is no payment by bank card
I am sour that the knowledge of Mr. Rick van der Lans is worth more than 121.29 euro Thank you encor another time for all the interest that you had to give to me

[stephenb]

The information can also be found in the Ingres manuals, although you may have to work a little harder to get it. The manuals are oriented towards giving you technical information about the product rather than teaching you how to deal with specific scenarios like this (that's where the Ingres book comes in handy). I would look at the "GRANT" and "REVOKE" statements in chapter 8 of the "SQL Reference Guide"; you may also want to read through the "Security Guide" from cover to cover, and especially Chapter 5 on "Assigning privileges and Granting Permissions". The guides can be downloaded from http://esd.ingres.com or viewed at http://docs.ingres.com; I would recommend downloading the documents because you have a lot of reading to do.

It appears that you probably want to disallow any user (except the DBA), access to all tables and then create a password protected role for the application and grant access to the role; but there are hundreds of ways of solving this issue and how you implement security is different depending on your environment, how much you trust your users, and how much security maintenance work your willing to put up with. The only way you will strike a balance and get it right is to read the documentation and make an informed decision.

[bilgihan]

- Create a database owner (dba) and ensure all objects, tables, procedures, views are owned by dba
- Users should not use DBA connection attributes to access the database
- add below grants for the users in question:
"select update delete insert copy_into copy_from" = "all"
e.g. grant select on <table> to "<end_user>"
- Enable journaling, security auditing for the database
This will allow to monitor who did '...', if necessary
- You can use 'role' in OpenROAD to restrict client access
- Install ODBC with read-only option.
- Take advantage using "timeout, readlock=nolock" so unintended
Tx does not cause locking/resource problems.

[suze]

First thank you for your answers and I make a point of saying to you that yesterday I was astonished when nobody my answered ............. It east proved that it east had has a natural phenomenon which is the night and the day then when I sent my message America slept
then I thank you once again and I wish you a good night.
For the problem it has another part about which I did not speak to you.
It is that the users must insert and update data in the tables of data base
then I cannot make
grant select on <table> to "<end_user>"
with regard to the creation of a user not dBa it east make , the OpenRoad images are launched by a user who is different from user dBa
My problem all simply is made that all PC where Ingres.NET and OpenRoad and ODBC Ingres are installed the users can call TABLES or isql by using the same user as the OpenRoad applications(images) and for this reason it their is enough to catalogue the netutil or of even the short cut of the OpenRoad images or they can recover the VNŒUD and reach the BDD.
With regard to the user without being able (with grant on select) one to create one which one uses to reach has a Web site which exploits the data of the BDD
I hope that I was explicit and that I do not have to disturb y
Excuse me for the bad english because i m speaking french

[rhann]

Quote:

Originally Posted by suze

My problem all simply is made that all PC where Ingres.NET and OpenRoad and ODBC Ingres are installed the users can call TABLES or isql by using the same user as the OpenRoad applications(images) and for this reason it their is enough to catalogue the netutil or of even the short cut of the OpenRoad images or they can recover the VNŒUD and reach the BDD.

As stephenb suggested earlier, you probably need to create a password protected role (see CREATE ROLE and GRANT ROLE), and then grant that role access to your tables. Your applications will then need to connect using the ROLE. Permissions granted to a role take precedence, so your users don't need any permission on the tables provided they use your applications (and provided they don't connect as the DBA).

[dejan]

@suze: The book is €40.43, not €121.29!!