SSAJAROFF
Reputable Poster
Hi there!
I've got some comments on System based vs. User based security that I'd like
to share ...
System Based
------------
1) You deal with a single DB login (typically JDE)
2) All DB connections are impersonated on a single DB login, this doesn't
help neither auditing
nor tuning.
3) Password maintenance is easy on the DB side.
4) Whenever you need to change JDE DB password, you'll have to enter GH9052
User-Security
on every OneWorld user.
5) There's only two places where you may apply SQL login security : JDE and
PUBLIC group.
User Based
----------
1) You deal with a mess of DB logins. Imagine if you have more than one DB
server!
2) DB connections are impersonated on different logins, this helps both
auditing and tuning.
3) Password maintenance is difficult on the DB side.
4) Password maintenance is easier on the OW side. JDE login password
alterations doesn't affect
the rest of OW users.
5) You may define specifical DB security for every DB login.
As you may see, both solutions have pros and cons; be aware that you may
also apply mix
solutions (e.g. : to define a single DB login for every user group).
Yours, Sebastian Sajaroff
[email protected]
MCSE,MCDBA,MCP+I,Citrix Admin
B7321 to Xe, NT/SQL, JAS, Interoperability
B7321 to Xe, NT/W2K/SQL
JAS, Interoperability
MCDBA,MCP+I,MCSE,Citrix Admin
I've got some comments on System based vs. User based security that I'd like
to share ...
System Based
------------
1) You deal with a single DB login (typically JDE)
2) All DB connections are impersonated on a single DB login, this doesn't
help neither auditing
nor tuning.
3) Password maintenance is easy on the DB side.
4) Whenever you need to change JDE DB password, you'll have to enter GH9052
User-Security
on every OneWorld user.
5) There's only two places where you may apply SQL login security : JDE and
PUBLIC group.
User Based
----------
1) You deal with a mess of DB logins. Imagine if you have more than one DB
server!
2) DB connections are impersonated on different logins, this helps both
auditing and tuning.
3) Password maintenance is difficult on the DB side.
4) Password maintenance is easier on the OW side. JDE login password
alterations doesn't affect
the rest of OW users.
5) You may define specifical DB security for every DB login.
As you may see, both solutions have pros and cons; be aware that you may
also apply mix
solutions (e.g. : to define a single DB login for every user group).
Yours, Sebastian Sajaroff
[email protected]
MCSE,MCDBA,MCP+I,Citrix Admin
B7321 to Xe, NT/SQL, JAS, Interoperability
B7321 to Xe, NT/W2K/SQL
JAS, Interoperability
MCDBA,MCP+I,MCSE,Citrix Admin