Mimer Developer Site


Access Security

Through the advanced security facilities of Mimer SQL, the database can be protected from any unauthorized access. Database privileges authorize users to perform certain SQL operations, such as insert, update, or delete, on selected database objects. The extremely flexible security system provided by Mimer SQL enables data to be protected down to a single element (row/column); allowing you to precisely enforce database security policies, ensuring users have only the privileges they need.

A unique feature of Mimer SQL is the "role concept", where the access rights for a user can be increased under password protection. The role concept allows Mimer SQL's security system to distinguish between users who are accessing the database from the controlled environment of an application, and users who are using ad-hoc tools. Mimer SQL provides the role concept through the PROGRAM ident.

By utilizing Mimer SQL's advanced facilities for access control and security much coding in applications is avoided and all applications utilize a consistent set of controls.

Within Mimer SQL an Ident is an authorized user of the system. It can also be a collective identity of a group of users sharing common privileges. Four types of idents are supported:

When an Ident connects to Mimer SQL in a client/server environment, the password for the ident is encrypted on the client side. This means that only encrypted passwords are sent over the network, to assure that no unauthorized users can get a hold on a password by tapping the network.

Each ident is given privileges within the system defining the operations that ident is allowed to perform. An ident receiving a privilege 'WITH GRANT OPTION' may pass the privilege on to another ident.

System privileges give the right to create global objects within the database:

Object privileges give rights over certain specified objects in the system. Mimer SQL supports the following object privileges:

Object privileges are initially granted only to the creator of the object. Their grantor may revoke privileges.

Access privileges give rights of access to the contents of a specified table or view. There are five access privileges:

Access privileges are initially granted only to the creator of the table or view. The privilege may be passed on to other idents with or without grant option

Upright Database Technology AB
Voice: +46 18 780 92 00
Fax: +46 18 780 92 40