There are many approaches you can use to implement security on your system. In this chapter, we’re going to show you a sample application demonstrating one such approach. We’re not going to include every detail of every step that was taken to build the original application on which this example is based. Our goal is not to teach you how to implement only one security method. Instead, we’d like to provide you with ideas you can use to build your own system.
The sample application is a credit card review and certification system. To set the stage, we’ll provide a brief overview of the system’s functionality and present a discussion of the environment and requirements of the system. In Chapter 3, when we talked about database objects, we said that the tables in the database could be used by more than one application. This is the case with the credit card system. There will be references to objects (mostly tables) shared with other applications. We’ll refer to these objects as enterprise objects and the entire database as the enterprise database. Access to each object is controlled by the privileges that you give (or don’t give) to each user.
In this chapter we’ll use these steps in describing how the application was built:
1. Define the functionality of the application.
2. Describe the portions of the security plan that pertain to the application.
3. Explain how to build a role-object matrix (generally referred to as “the matrix”).
4. Show how ...