Siebel Security Hardening Guide > Securing the Siebel Database >

Restricting Access to the Siebel Database

Sensitive user information, such as credit card numbers, customer details, email IDs, and so on, is usually stored in the database that an application is using. It is important to classify the data that is stored in the database and to implement a role-based access system.

Define stringent policies for Siebel database access both at the account-login level and at the network-visibility level. Only assign authorized users, for example, approved database administrators (DBAs), system accounts for root usage and remote access to the server.

Define access rules so that users cannot log in to the Siebel database and execute queries. Follow these guidelines for the operating systems:

• Windows. Add all general users to the Public group in the Siebel database and assign appropriate rights.
• UNIX. Do not grant database administrator privileges to general users.

For additional information, see your RDBMS documentation.