Security

CTK contains tools that can give users access to confidential data and that have the potential to cause severe damage to the database. Access to these tools should be carefully considered. The CTK tools that present a special security or database integrity risk are described below.

  • SQL Database Manager: With SQL Database Manager a user can select any table in any database and view the data inside the table (or SQL View). Both Database Manager and its Show Data window are view-only tools, so there is no possibility of damaging data with these tools.
  • SQL Query: SQL Query is similar in functionality to the SQL Server Version 6 “Query Analyzer” window. Users with access to this tool can view any data in the database. Additionally, they can execute queries against the database, potentially changing or deleting data.
  • Finder: Finder locates table records which contain a search term. Since it searches all tables, it is possible for the tool to return results containing confidential data.
  • Stored Query Maintenance: Similar to the SQL Query tool, this window has the ability to create SQL queries. A user-constructed query has the potential to damage data and the database. The Stored Query Maintenance window should only be given to administrator-level users. The Execute Stored Query window can run a saved query, but does not give the user any ability to view or edit the query in any way.

The installation process will create a Security Task and a Security Role called CONSULTKIT. The Security Task will have access to all windows in this product, and the Task will be automatically assigned to the Role.

To provide access to all windows in this product you can either:

  • Add the CONSULTKIT Role to a User, or
  • Add the CONSULTKIT Task to a User’s existing Role

Do NOT modify the CONSULTKIT Security Task. Each time an update is installed for Consulting Toolkit, it will recreate the Task so it has access to everything in the module, and any changes will be lost.