Access Control, User Accounts and Database Audits

Whenever a person or a group of persons needs to access a database system, the individual or group must first apply for a user account. The DBA will then create a new account number and password for the user if there is a legitimate need to access the database.

The user must log in to the DBMS by entering the account number and password whenever database access is needed.

The DBMS checks that the account number and password are valid; if they are, the user is permitted to use the DBMS and to access the database.

The database system must also keep track of all operations on the database that are applied by a certain user throughout each login session, which consists of the sequence of database interactions that a user performs from the time of logging into the time of logging off.

When a user logs in, the DBMS can record the userís account number and associate it with the computer or device from which the user logged in. All operations applied from that computer or device are attributed to the userís account until the user logs off.

It is particularly important to keep track of update operations that are applied to the database so that, if the database is tampered with, the DBA can determine which user did the tampering.