Red lines in the following image illustrate the database security issues discussed on this chapter.
Database Security in QPR Metrics System
As mentioned in the overview, the QPR Metrics System needs to be configured to allow only a few connections to the database - the rest of the work is handled by user administration.
When connecting to the database, the system uses the basic authentication methods provided by ODBC-compliant database vendors.
QPR Metrics Server
The QPR Metrics Server needs one database user the context of which it uses when connecting to the database. This user must have full (INSERT, UPDATE and SELECT) access to every table in the QPR database.
Third-party reporting components used for QPR Metrics reporting require read (SELECT) access to the QPR database tables. Additional security can be reached by denying access to certain tables that are not necessary for the reports (i.e. SC_USER).