Security Guide
Introduction to Vector Security
Security Features
Level of Security
Understanding Vector Security Mechanisms
Directory and File Permissions
User Authentication
Remote Users
Installation Passwords
The ingvalidpw Utility (Linux)
DBMS Authentication
Password Policy Configuration
Password Policy Blocklist
Authorization Identifiers
Subject Privileges
Object Permissions
Security Alarms
Security Auditing
Database Procedures
Data at Rest Encryption
Authorizing User Access
Types of Vector Users
How to Establish User Access
Users and Profiles
Working with User Objects
Create a New User with Accessdb
User Expiration Date
User Password
Authorize Multiple Users with SQLscript
Working with Profile Objects
Example of Using a Profile
Default Profile
Groups and Roles
Groups
Working with Group Objects
Example: Creating, Altering, and Dropping a Group using SQL Statements
Groups and Permissions
Roles
Working with Role Objects
Example: Creating, Altering, and Dropping a Role using SQL Statements
Roles and Permissions
Assigning Privileges and Granting Permissions
Subject Privileges
Auditor Privilege
Change_Password Privilege
Createdb Privilege
Ima_sec_read Privilege
Maintain_Audit Privilege
Maintain_Locations Privilege
Maintain_Users Privilege
Operator Privilege
Protected_User Privilege
Security Privilege
Trace Privilege
Unmask Privilege
Sets of Privileges Associated with a Session
Object Permissions
Working with Grants
Object Ownership and Granting Object Permissions
The GRANT Statement
Database Grants
How Database Permissions for a Session are Determined
Database Grant Examples
Table and View Grants
Table Grant Examples
Procedure Grants
Database Event Grants
Role Grants
How Grants Restrict Data Access
Grant Overhead
Multiple Permission Checks
How Privileges for a Session Are Determined
Access to Tables, Views, or Procedures and the Authorization Hierarchy
Access to Databases and the Authorization Hierarchy
How Database Privileges for a Session Are Determined
DBMSINFO--View Permissions for Current Session
Example: Return the Value of Query Row Limit for Current Session
Implementing Security Auditing
Security Alarms
Working with Security Alarm Objects
How to Implement a Security Alarm
Security Alarm Example
Security Auditing
Audit Focus
How to Enable Security Auditing
How to Verify Security Auditing Levels
Security Auditing Configuration Parameters
Security Audit Statements
Security Audit Levels for Users and Roles
Changes to Security Audit Status During a Session
Access to the Security Audit Log
Registering the Security Audit Log File
Querying the Registered Virtual Table
Obtain the Current Audit File Name
Controlling Access through Database Procedures
Database Procedures
Working with Procedure Objects
How to Implement a Database Procedure
Database Procedure Example
Access Control through Database Procedures
Using Data at Rest Encryption
Using Data at Rest Encryption
Data at Rest Encryption in Previous Vector Versions
Database vs. Function-based Encryption
Database Encryption
Requirements
How Database Encryption Works
The Power of Encryption
Disable Access to an Encrypted Database
Enable Access to an Encrypted Database
Creating and Locking an Encrypted Database
Unlocking an Encrypted Database
Encryption Key Management
Implications of Data Encryption for Database Design and Operations
Function-based Encryption
Log Records and Passphrases
Using Secure Communications Encryption with AES
AES Security Mechanism
Configure AES Encryption (Ingres Net and GCA Remote Access)
INGRES Mechanism Configuration for Encryption
AES Security Mechanism Configuration
Configure AES Encryption (JDBC and .NET)
Using Column Masking
Column Masking
Column Masking Example
Configuring Vector to Use Kerberos
Kerberos
Kerberos Configuration in the Enterprise
Kerberos Configuration Files--Configure Kerberos for Vector
The Vector Service Principal--Authorize Client Connections
Prerequisite Kerberos Software on Windows
How to Configure Vector to Use Kerberos
iisukerberos Command--Perform Basic Kerberos Configuration
Vector Configuration Options for Kerberos
Basic Configuration for Kerberos
mechanisms Parameter--Specify Dynamic Mechanism
domain Parameter--Specify Domain Name
remote_mechanism Parameter--Configure Client in a Homogeneous Kerberos Environment
vnode Connection Attributes--Configure Client in a Heterogeneous Kerberos Environment
Encryption Parameters--Enable Kerberos Encryption
How Name Server Delegation Works
Set Delegation
Service Principal Host Name Resolution
How to Configure Kerberos to Authenticate against Active Directory on Windows
Configuring LDAP Authentication
Configure LDAP Authentication Using PAM
Implementing FIM
What is Federated Identity Management
Requirements for using FIM
Configuring the DBMS for FIM
Scope of FIM
Self-Signed Certificates
Debugging FIM Authentication
Glossary