Security Guide
Introduction to Vector Security
Security Features
Level of Security
Understanding Vector Security Mechanisms
Directory and File Permissions
User Authentication
Remote Users
Installation Passwords
The ingvalidpw Utility (Linux)
DBMS Authentication
Authorization Identifiers
Subject Privileges
Object Permissions
Security Alarms
Security Auditing
Database Procedures
Data at Rest Encryption
Authorizing User Access
Types of Vector Users
How to Establish User Access
Users and Profiles
Working with User Objects
Create a New User with Accessdb
User Expiration Date
User Password
Authorize Multiple Users with SQLscript
Working with Profile Objects
Example of Using a Profile
Default Profile
Groups and Roles
Groups
Working with Group Objects
Example: Creating, Altering, and Dropping a Group using SQL Statements
Groups and Permissions
Roles
Working with Role Objects
Example: Creating, Altering, and Dropping a Role using SQL Statements
Roles and Permissions
Assigning Privileges and Granting Permissions
Subject Privileges
Auditor Privilege
Change_Password Privilege
Createdb Privilege
Ima_sec_read Privilege
Maintain_Audit Privilege
Maintain_Locations Privilege
Maintain_Users Privilege
Operator Privilege
Protected_user Privilege
Security Privilege
Trace Privilege
Unmask Privilege
Sets of Privileges Associated with a Session
Object Permissions
Working with Grants
Object Ownership and Granting Object Permissions
The GRANT Statement
Database Grants
How Database Permissions for a Session are Determined
Database Grant Examples
Table and View Grants
Table Grant Examples
Procedure Grants
Database Event Grants
Role Grants
How Grants Restrict Data Access
Grant Overhead
Multiple Permission Checks
How Privileges for a Session Are Determined
Access to Tables, Views, or Procedures and the Authorization Hierarchy
Access to Databases and the Authorization Hierarchy
How Database Privileges for a Session Are Determined
DBMSINFO--View Permissions for Current Session
Example: Return the Value of Query Row Limit for Current Session
Implementing Security Auditing
Security Alarms
Working with Security Alarm Objects
How to Implement a Security Alarm
Security Alarm Example
Security Auditing
Audit Focus
How to Enable Security Auditing
How to Verify Security Auditing Levels
Security Auditing Configuration Parameters
Security Audit Statements
Security Audit Levels for Users and Roles
Changes to Security Audit Status During a Session
Access to the Security Audit Log
Registering the Security Audit Log File
Querying the Registered Virtual Table
Obtain the Current Audit File Name
Controlling Access through Database Procedures
Database Procedures
Working with Procedure Objects
How to Implement a Database Procedure
Database Procedure Example
Access Control through Database Procedures
Using Data at Rest Encryption
What Is Data at Rest Encryption?
Requirements
Data at Rest Encryption in Previous Vector Versions
How Encryption Works
The Power of Encryption
Transparent Column Encryption (DBMS Server-level Encryption)
Database vs. Function-based Encryption
Database Encryption
Disable Access to an Encrypted Database
Enable Access to an Encrypted Database
Create an Encrypted Database and Lock It
Unlock an Encrypted Database
Function-based Encryption
Encryption Information Displayed with HELP TABLE
Encryption Key Management
Implications of Data Encryption for Database Design and Operations
Understanding Salt
Encryption and Copydb/Unloaddb Considerations
Optimizedb Considerations for Data at Rest Encryption
Log Records and Passphrases
Encryption and Partitioned Tables
Using Secure Communications Encryption with AES
AES Security Mechanism
Configure AES Encryption
INGRES Mechanism Configuration for Encryption
AES Security Mechanism Configuration
JDBC Encryption
Using Column Masking
Column Masking
Column Masking Example
Configuring Vector to Use Kerberos
Kerberos
Kerberos Configuration in the Enterprise
Kerberos Configuration Files--Configure Kerberos for Vector
The Vector Service Principal--Authorize Client Connections
Prerequisite Kerberos Software on Windows
How to Configure Vector to Use Kerberos
iisukerberos Command--Perform Basic Kerberos Configuration
Vector Configuration Options for Kerberos
Basic Configuration for Kerberos
mechanisms Parameter--Specify Dynamic Mechanism
domain Parameter--Specify Domain Name
remote_mechanism Parameter--Configure Client in a Homogeneous Kerberos Environment
vnode Connection Attributes--Configure Client in a Heterogeneous Kerberos Environment
Encryption Parameters--Enable Kerberos Encryption
How Name Server Delegation Works
Set Delegation
Service Principal Host Name Resolution
How to Configure Kerberos to Authenticate against Active Directory on Windows
Configuring LDAP Authentication
Configure LDAP Authentication Using PAM
Glossary
Security Guide
Glossary