16.0 Privileged Access to Databases
When users access a database with privileged credentials, the chances for data loss or sensitive information misuse go up. The administrators need to ensure that the connection to the database is secure and the database credentials are not misused. Privileged Account Manager provides the database monitoring feature where administrators can protect the database by controlling and monitoring the activities of the users who connect to the database.
In addition, Privileged Account Manager allows you to assign the risk to a specific query or a table in the database. Based on the risk configuration, you can identify any suspicious activities in the database and disconnect the session or block the respective user from accessing the database.
Privileged Account Manager enables you to control and monitor database accesses by granting access to the database as follows:
-
Database Access Through Credential Checkout:
This method enables you to provide privileged access to the database using the credentials checked out from Privileged Account Manager. In this method, the privileged account credentials are reset after every check-in to avoid misuse of credentials. For more information about configuring credential checkout for the database, see Database Access Through Credential Checkout.
-
Database Access Through PAM Proxy:
Using this method, you can allow users to access the database through PAM proxy where PAM monitors the activities performed on the database. For more information about configuring database access through PAM proxy, see Database Access Through PAM Proxy.
-
SSO to the Database:
Using this method, you can allow users to SSO to a database session and monitor the activities performed on the database. For more information about configuring privileged SSO to database, see Application SSO.
Based on the information in the following table, you can choose the appropriate database access method:
|
Method |
Keystroke Audit |
Command Audit |
Video Capture |
Command Risk & Automatic Session Disconnect |
Manual Disconnect |
|---|---|---|---|---|---|
|
Database Access Through PAM Proxy (Agentless) |
|
|
|
|
|
|
Database Credential Checkout (Agentless) |
|
|
|
|
|
|
Privileged SSO to Database (Agentless) |
|
|
|
|
|