Re: encrypting data in edb, revisited
- Posted by bill Oct 09, 2011
Your first problem is EDB.
Your second problem is that encryption and read-only tables are not going to solve your problems without a lot of work. Encryption should be used to protect sensitive data, not to control users.
What you need is:
- A server (preferably in a locked room).
- Records which partition by Department Group and Department.
- User department group, user department, and user ID.
- Views into the data which limit viewable records to those in the currently accessed department group.
It doesn't sound as if your data is correctly set up for this.
You really need a good relational database which provides views and constraints. Probably the best you can do at the moment is set up a server, create as many partitions as you need, and put appropriate copies of the database on the partitions. Then each group has its own database.
Constraints you should meet:
- No record can be viewed by any user if it lacks an appropriate Department Group ID and Department ID.
- No user or admin can log in without providing a valid user name, user ID and Department.
- No user access to the database after hours or on the weekend (if this is appropriate).
- You should have logging set up so you can see who is connecting, how and when.
bj
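The constraints listed in the post above, sketched as an added example that is not part of the original post. It uses Python's built-in `sqlite3` as a stand-in for the relational server; the table names, the sample rows, the `visible_records` helper and the 08:00-18:00 weekday window are all assumptions. SQLite has no per-user views, so the department-group filter is applied in the one function that serves reads.

```python
import sqlite3
from datetime import datetime

SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT NOT NULL,
                    dept_group TEXT NOT NULL, dept TEXT NOT NULL);
-- NOT NULL: a record cannot exist without a department group and department.
CREATE TABLE records (id INTEGER PRIMARY KEY, dept_group TEXT NOT NULL,
                      dept TEXT NOT NULL, body TEXT NOT NULL);
CREATE TABLE access_log (at TEXT, name TEXT, user_id INTEGER,
                         dept TEXT, outcome TEXT);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data.
    db.executemany("INSERT INTO users VALUES (?,?,?,?)",
                   [(1, "alice", "finance", "payroll"),
                    (2, "bob", "ops", "shipping")])
    db.executemany("INSERT INTO records VALUES (?,?,?,?)",
                   [(1, "finance", "payroll", "salary run"),
                    (2, "finance", "audit", "q3 audit"),
                    (3, "ops", "shipping", "manifest")])
    return db

def in_hours(now):
    # Assumed policy: Monday to Friday, 08:00-18:00.
    return now.weekday() < 5 and 8 <= now.hour < 18

def visible_records(db, name, user_id, dept, now):
    """Return the rows of the caller's department group, or None if denied."""
    row = db.execute(
        "SELECT dept_group FROM users WHERE user_id=? AND name=? AND dept=?",
        (user_id, name, dept)).fetchone()
    if row is None:
        outcome = "denied:credentials"
    else:
        outcome = "ok" if in_hours(now) else "denied:hours"
    # Every attempt is logged, allowed or not: who, when, and the result.
    db.execute("INSERT INTO access_log VALUES (?,?,?,?,?)",
               (now.isoformat(), name, user_id, dept, outcome))
    if outcome != "ok":
        return None
    return db.execute(
        "SELECT id, dept, body FROM records WHERE dept_group=? ORDER BY id",
        (row[0],)).fetchall()
```

On a server database the same filter would live in a view, with users granted access to the view and not to the base table.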