Before you can implement specific features, you must develop a security policy. You, your management, the application support team, and your users have to decide on how open the database and its data will be. This decision depends upon the specifics of the application and the requirements of your organization. Security policies vary widely. We have seen read-only databases where everyone in the company has access to query all data, and we have seen databases so sensitive that all access is through restricted terminals.

The following summaries provide lists of questions you will have to answer when establishing your own site’s security policy. Later sections contain basic information on how to implement your decisions.