Data Access

The customer has complete control over what authorities and privileges are made available to any user who can connect to the database.

By default, when a Informix database is created, a number of privileges are granted to public allowing all connected users to use them. If strict control over access is desired, it is recommended to create the database without the PUBLIC keyword (Replacing PUBLIC with Specified Users) or to use security products such as IBM Guardium Data Protection for Databases to evaluate the access control model on the database.

Separation of duties

While Informix provides the ability to implement separation of duties through its granular authorization model, it does not enforce this policy. The customer is responsible for ensuring that is policy is properly implemented and maintained.

Privileged Administrators and Administrators

The highest level of database privilege is database administrator, or DBA. When you create a database, you are automatically the DBA and can grant same level of privilege to other users. If it is necessary to have multiple administrative users, the customer can implement additional protection against inappropriate access by this authority to client data in tables by implementing row and column access control (LBAC) and multi-level security (MLS), to control who has read access and write access to individual rows and columns on the tables containing sensitive data. For more information refer to Security Data .

Activity logs

Informix provides the ability to configure and enable audit logs through its [Auditing facility] Access to the data in these audit log files is controlled by the file permissions on the files. For more information refer to Auditing data security.