T 2.41 Poor organisation of the exchange of database users

If several users of a database share the same workstation, there is a risk of accidental or deliberate manipulation of the data when no procedure for switching users has been defined or when the switch is not carried out properly. In this case, the confidentiality of the data can no longer be guaranteed.

Example:

If an application that accesses a database is not properly terminated before switching users, the next user continues to work in the previous user's session, and the differing authorisation profiles of the two users can lead to the threats mentioned above. The logging mechanisms of the database are also undermined in this case, since they record user activities and modifications to data under the currently active user ID, which might not match the user ID of the person actually working. As a result, modifications to data can no longer be uniquely attributed to a specific user.