在软件开发方面,我当然不是 DBA,只是初学者,因此感谢您提供任何帮助。将多方数据存储在一个数据库中最安全的结构是什么?例如,如果三个人可以访问同一张表,我想确保每个人只能看到他们的数据。是否最好为每个人创建一个唯一 ID 并将其与数据一起存储,然后根据该 ID 进行查询?还有其他我应该考虑的因素吗?
3 回答
...three people have access to the same tables...
If these persons can query the tables directly through some query tool like toad then we have a serious problem. if not, that is like they access through some middle tier/service layer or so then @wagregg's solution above holds.
coming to the case when they have direct access rights then one approach is:
- create database level user accounts for each of the users.
- have another table with row level grant information. say
your_table
has a primary key columnMY_PK_COL
then the structure of theGRANTS_TABLE
table would be like{USER_ID; MY_PK_COL}
withMY_PK_COL
a foreign key toyour_table
. - Remove all privileges of concerned users from your_table
- Create a view.
SELECT * FROM your_table WHERE user_id=getCurrentUserID();
- give your users SELECT/INSERT/UPDATE rights on this view.
Most of the database systems (MySQL, Oracle, SQLServer) provide way to get current logged user. (the one used in the connection string). They also provide ways to restrict access to certain tables. now for your users the view will behave as a normal table. they will never know the difference.
a problem happens when there are too many users. provisioning a database level uer account to every one of them may turn difficult. but then DBMS like MsSQLServer can use windows authentication, there by reducing the user/creation problem.
In most of the scenarios the filter at middle tier approach is the best way. but there are times when security is paramount. Also a bug in the middle tier may allow malicious users to bypass the security. SQL injection is one thing to name. then you have to do what you have to do.
听起来您在谈论多租户架构,但我无法确定。
此 SO 答案包含问题摘要,并链接到包含有关权衡的详细信息的在线文章。
您走在正确的轨道上,但是将 USER ID 映射到表中可能不是您想要的,因为实际上许多用户都可以访问公司数据。在这些情况下,您会将“CorpID”存储为列,或者更一般地存储为“ContextID”。但是,是的,为了限制对数据的访问,每一行都应该能够直接传达数据的用途(该行实际上包含对 CorpID、UserID、ContextID 等的引用),或者可以通过加入其他来推断引用限定符的表。
在实践中,这些规则由查询数据库的中间层强制执行,以某种方式提供用户上下文,以便从数据库中仅选择正确的记录并最终呈现给用户。