A data warehouse is a veritable gold mine of information. All of the organization's critical information is readily available in a format easy to retrieve and use. In a single operational system, security provisions govern a smaller segment of the corporate data but data warehouse security extends to a very large portion of the enterprise data. In addition, the security provisions must cover all the information that is extracted from the data warehouse and stored in other data areas such as the OLAP system.
In an operational system, security is ensured by authorizations to access the database. You may grant access to users by individual tables or through database views. Access restrictions are difficult to set up in a data warehouse. The analyst at a data warehouse may start an analysis by getting information from one or two tables. As the analysis continues, more and more tables are involved. The entire query process is mainly ad hoc. Which tables must you restrict and which ones must you keep open to the analyst?
19.4.1. Security Policy
The project team must establish a security policy for the data warehouse. If you have a security policy for the organization to govern the enterprise information assets, then make the security policy for the data warehouse an add-on to the corporate security policy. First and foremost, the security policy must recognize the immense value of the information contained in the data warehouse. The policy must provide guidelines for ...