Control access to databases

The topic Grant privileges describes how the normal database-privilege mechanisms are based on the GRANT and REVOKE statements. Sometimes, however, you can also use the facilities of the operating system as an additional way to control access to a database.

No matter what access controls the operating system gives you, when the contents of an entire database are highly sensitive, you might not want to leave it on a public disk that is fixed to the computer. When the data must be secure, you can go beyond normal software controls and protect the database physically.

When you or another authorized person is not using the database, it does not have to be available online. You can make it inaccessible in one of the following ways, which have varying degrees of inconvenience:
  • Detach the physical medium from the computer and take it away. If the disk itself is not removable, the disk drive might be removable.
  • Copy the database directory to tape and take possession of the tape.
  • Use an encryption utility to copy the database files. Keep only the encrypted version.
Important: In the latter two cases, after you make the copies, you must remember to erase the original database files with a program that overwrites an erased file with null data (zero bytes), so that the original contents cannot be recovered from the disk.

Instead of removing the entire database directory, you can copy and then erase the files that represent individual tables. Do not overlook the fact that index files contain copies of the data from the indexed column or columns. Remove and erase the index and table files.
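The following script is an added example, not code from the Informix documentation or product. It walks the procedure above for the "copy, then erase" options: it archives a whole database directory (the tape-copy step), then erases one table's files by overwriting each with null bytes before unlinking, and it deliberately includes the index files the text warns about. The on-disk layout it assumes (a `stores.dbs` directory with `<table><number>.dat` and `<table><number>.idx` files) and the file contents are constructed for the demo; the function names are the author's own.

```python
"""Added example (not from the Informix documentation): archive a database
directory, then erase individual table files (data AND index files) by
overwriting them with null bytes before unlinking.

Assumptions, labelled here because the page does not state them:
  * a database directory holds one or more files per table, named
    <table><number>.dat for rows and <table><number>.idx for indexes
    (the "stores.dbs" layout below is constructed for the demo);
  * an in-place overwrite reaches the blocks that held the old data, which
    holds for a plain fixed disk but is NOT guaranteed on journaling,
    copy-on-write or SSD-backed storage.
"""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List

CHUNK = 64 * 1024  # write buffer for the zero-fill loop


def archive_database(db_dir: Path, archive_path: Path) -> str:
    """Step 'copy the database directory to tape': pack the whole directory
    into a tar file and return its SHA-256 so the copy can be verified later."""
    with tarfile.open(archive_path, "w") as tar:
        tar.add(str(db_dir), arcname=db_dir.name)
    digest = hashlib.sha256()
    with open(archive_path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def overwrite_with_nulls(path: Path, unlink: bool = True) -> int:
    """Overwrite every byte of `path` with 0x00, force it to disk, and (by
    default) unlink it. Returns the number of bytes overwritten."""
    size = path.stat().st_size
    with open(path, "r+b") as fh:           # r+b keeps the same inode and blocks
        remaining = size
        while remaining > 0:
            step = min(CHUNK, remaining)
            fh.write(b"\x00" * step)
            remaining -= step
        fh.flush()
        os.fsync(fh.fileno())               # do not unlink before the zeros hit disk
    if unlink:
        path.unlink()
    return size


def table_files(db_dir: Path, table_prefix: str) -> List[Path]:
    """Data file(s) plus index file(s) of one table: the index files are the
    ones the page warns are easy to overlook."""
    return sorted(
        p for p in db_dir.iterdir()
        if p.name.startswith(table_prefix) and p.suffix in (".dat", ".idx")
    )


def wipe_table(db_dir: Path, table_prefix: str) -> Dict[str, int]:
    """Erase one table's data and index files; returns {filename: bytes wiped}."""
    return {p.name: overwrite_with_nulls(p) for p in table_files(db_dir, table_prefix)}


def run_demo() -> Dict[str, object]:
    """Build a constructed database directory in a temp dir, archive it, wipe
    one table, and report what happened."""
    work = Path(tempfile.mkdtemp())
    db_dir = work / "stores.dbs"
    db_dir.mkdir()
    # Constructed sample files: 1050, 110 and 200 bytes respectively.
    (db_dir / "customer100.dat").write_bytes(b"Alice Smith,555-0100\n" * 50)
    (db_dir / "customer100.idx").write_bytes(b"Alice Smith" * 10)   # index holds key copies
    (db_dir / "orders101.dat").write_bytes(b"order row\n" * 20)

    digest = archive_database(db_dir, work / "stores.tar")
    targets = [p.name for p in table_files(db_dir, "customer")]

    # Show the zero-fill without unlinking, then do the real wipe.
    idx = db_dir / "customer100.idx"
    zeroed = overwrite_with_nulls(idx, unlink=False)
    idx_is_zero = idx.read_bytes() == b"\x00" * zeroed
    wiped = wipe_table(db_dir, "customer")

    with tarfile.open(work / "stores.tar") as tar:
        archived = sorted(tar.getnames())
    return {
        "archive_sha256": digest,
        "targets": targets,
        "idx_is_zero": idx_is_zero,
        "wiped": wiped,
        "left_on_disk": sorted(p.name for p in db_dir.iterdir()),
        "archived": archived,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two points worth noting when applying this to a real system. First, `table_files` is what makes the index files part of the wipe; erasing only the `.dat` file leaves the indexed column values readable in the `.idx` file. Second, the overwrite-then-unlink approach only erases data where the filesystem writes back to the same blocks; on journaling, copy-on-write or SSD-backed storage, old copies of the blocks can survive, which is why the page's first option, physically removing the medium, is the strongest of the three.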