S 4.68 Ensuring consistent database management
Initiation responsibility: IT Security Officer, Head of IT, Administrator
Implementation responsibility: Administrator
Database administration is the primary focus of an operating concept created for a database system (DBS). The operating concept forms the basis for ensuring, among other things, consistent database administration. It must define all processes important for the operation of the DBS, each with a clearly defined starting point, sequence of steps and goal, as well as the roles authorised to carry out the processes together with their rights and duties.
In addition to this, real people must be assigned to the roles defined in the course of the project.
The role descriptions specify the tasks, access rights and authorisations necessary to perform the functions assigned to each role (see also S 2.132 Provisions for configuring database users / user groups). In the database management system (DBMS), the roles defined must be configured as user groups that are then granted the rights required for the corresponding role. The users fulfilling these roles are then assigned to the user groups with the corresponding role profiles using their user IDs.
The following information in particular should be noted when administering users:
- The system administrator is a special user in the rights management system of the database system. It is available immediately after the installation of the DBMS. This user can generally use the database system without any restrictions, which means there is a risk of errors or misuse by this user. This user ID should only be used by the small group of system administrators for explicitly specified administrative tasks such as the configuration of database administrators for individual databases.
- The user groups containing the database administrators for the individual databases, and therefore the users in these user groups, can generally use and manipulate the databases for which they are responsible without any restrictions, which gives rise to a general potential risk. The rights necessary to perform these tasks as well as the group of people granted these rights must therefore be clearly defined and documented.
- In many cases, the administrators also work as regular users in a database, since they perform regular user tasks in addition to their database administration tasks or use the database for the storage and administration of documentation relating to database administration. In this case, a normal user ID must be created for the administrator in addition to the administrator ID, and the normal user ID must be used when carrying out such work in the database. The administrator IDs may only be used when performing administrative tasks.
- Cases in which a user is assigned to several user groups should be carefully planned, since the user will possess the sum of the authorisations of all user groups to which he is assigned.
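The last two points can be checked mechanically against an export of the group memberships. The following audit is an added example, not part of the original safeguard; the group names, user IDs, the rights notation and the list of planned multi-group assignments are constructed and hypothetical.

```python
from collections import defaultdict

# Constructed sample data, as it might be exported from a DBMS catalogue.
GROUP_RIGHTS = {
    "dba_sales":   {"sales.*:ALL"},
    "app_sales":   {"sales.orders:SELECT", "sales.orders:INSERT"},
    "app_hr_read": {"hr.staff:SELECT"},
}
ADMIN_GROUPS = {"dba_sales"}          # groups holding database administrators
ACCOUNTS = {                          # user ID -> (person, assigned groups)
    "alice_adm": ("alice", {"dba_sales"}),
    "alice":     ("alice", {"app_sales"}),
    "bob_adm":   ("bob",   {"dba_sales", "app_sales"}),
    "carol":     ("carol", {"app_sales", "app_hr_read"}),
}
PLANNED_MULTI_GROUP = {"bob_adm"}     # documented multi-group assignments


def effective_rights(user_id):
    """A user holds the sum (union) of the rights of all assigned groups."""
    _, groups = ACCOUNTS[user_id]
    return set().union(*(GROUP_RIGHTS[g] for g in groups))


def is_admin_id(user_id):
    """True if the user ID is a member of at least one administrator group."""
    return bool(ACCOUNTS[user_id][1] & ADMIN_GROUPS)


def audit():
    """Return findings as (kind, subject, detail) tuples."""
    findings = []
    ids_by_person = defaultdict(list)
    for user_id, (person, groups) in sorted(ACCOUNTS.items()):
        ids_by_person[person].append(user_id)
        # Membership in several groups must have been planned and documented.
        if len(groups) > 1 and user_id not in PLANNED_MULTI_GROUP:
            findings.append(("UNPLANNED_MULTI_GROUP", user_id,
                             sorted(effective_rights(user_id))))
    for person, ids in sorted(ids_by_person.items()):
        # An administrator whose only IDs are administrator IDs has no
        # restricted ID available for non-administrative work.
        if all(is_admin_id(i) for i in ids):
            findings.append(("ADMIN_WITHOUT_NORMAL_ID", person, sorted(ids)))
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```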
In addition, the tasks must be clearly divided, binding rules must be created, and the coordination between the administrators must be ensured so that administrators cannot execute any operations that could lead to an inconsistent or incomplete database. The following conditions should be fulfilled in this case:
- The methods and procedures for making changes as well as their documentation must be specified.
- The type, scope and reasons for the changes must be described in each case.
- Changes to database objects or data must be approved in advance by the person responsible for the IT application. If the database object is a central database object, then a change to it requires the permission of all persons responsible for the affected IT applications.
- The times of the planned changes must be specified and announced.
- A full backup of the database must be created before any changes are made.
- An interval should be specified for checks conducted during live operations in which the currency and correctness of the documents/logs are checked (see also S 4.69 Regular checks of database security).
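The conditions above can be enforced as a gate that a change request must pass before it is executed. The sketch below is an added example, not part of the original safeguard; the record fields, object and owner names are constructed, and the 24-hour backup freshness window is an assumption standing in for a site-defined value.

```python
from datetime import datetime, timedelta

# Constructed sample data; all names are hypothetical.
OBJECT_OWNERS = {  # database object -> persons responsible for the IT applications
    "sales.orders":   {"owner_sales"},
    "core.customers": {"owner_sales", "owner_billing"},  # central object
}
MAX_BACKUP_AGE = timedelta(hours=24)  # assumption: site-defined freshness window


def unmet_preconditions(change, last_full_backup, announced_ids):
    """Return the unmet preconditions for one change request (empty = go)."""
    problems = []
    # Procedure, type, scope, reason and time must be recorded for each change.
    for field in ("procedure", "type", "scope", "reason", "planned_start"):
        if not change.get(field):
            problems.append(f"missing {field}")
    # A central object needs approval from every responsible person.
    required = set()
    for obj in change.get("objects", []):
        if obj not in OBJECT_OWNERS:
            problems.append(f"no responsible person recorded for {obj}")
        required |= OBJECT_OWNERS.get(obj, set())
    missing = required - set(change.get("approved_by", []))
    if missing:
        problems.append("approval missing from " + ", ".join(sorted(missing)))
    if change.get("id") not in announced_ids:
        problems.append("change time not announced")
    # The full backup must precede the change and fall inside the window.
    start = change.get("planned_start")
    if start and (last_full_backup is None
                  or not start - MAX_BACKUP_AGE <= last_full_backup < start):
        problems.append("no full backup taken shortly before the change")
    return problems


CHANGE = {  # constructed change request touching a central object
    "id": "CHG-1", "procedure": "ALTER TABLE via reviewed script",
    "type": "schema", "scope": "add column", "reason": "new billing field",
    "planned_start": datetime(2024, 5, 4, 22, 0),
    "objects": ["core.customers"], "approved_by": ["owner_sales"],
}

if __name__ == "__main__":
    print(unmet_preconditions(CHANGE, datetime(2024, 5, 1, 2, 0), {"CHG-1"}))
```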
To avoid any threats to database integrity and to ensure consistency of individual records, all database objects of an application should be placed under the administration of a single user group created especially for the corresponding application. Only users requiring the right to access the database objects of the corresponding application directly in order to perform their tasks may be assigned to this user group. In addition, the database administrator responsible for the particular application must also be a member of this user group.
Review questions:
- Are all processes for the administration and use of the database which are important for the operation of the database system and the roles authorised to carry out these processes with their rights and duties defined in an operating concept?
- Does each database administrator have additional user IDs with restricted rights for non-administrative activities in the database?
- Are there binding rules for administrators preventing them from executing any operations that could lead to an inconsistent or incomplete database (including documentation of changes made to the database, changes subject to prior approval, full backup prior to changes, regular checks)?