Database Security and the DBA
The database administrator (DBA) is the central authority for managing a database system. The DBA’s responsibilities include granting privileges to users who need to use the system and classifying users and data in accordance with the policy of the organization. The DBA has a DBA account in the DBMS, sometimes called a system or superuser account, which provides powerful capabilities that are not made available to regular database accounts and users.DBA-privileged commands include commands for granting and revoking privileges to individual accounts, users, or user groups and for performing the following types of actions:
1. Account creation. This action creates a new account and password for a user or a group of users to enable access to the DBMS.
2. Privilege granting. This action permits the DBA to grant certain privileges to certain accounts.
3. Privilege revocation. This action permits the DBA to revoke (cancel) certain privileges that were previously given to certain accounts.
4. Security level assignment. This action consists of assigning user accounts to the appropriate security clearance level.
The DBA is responsible for the overall security of the database system. Action 1 in the preceding list is used to control access to the DBMS as a whole, whereas actions 2 and 3 are used to control discretionary database authorization, and action 4 is used to control mandatory authorization.