Abstract: Embodiments afford secure transfer of security key type(s) between different database servers having different key hierarchies. For example, a key transfer may occur from a source server to a target server during a database migration process. Particular embodiments comprise a SQL transfer command statement (e.g., TRANSFER ENCRYPTION KEY) recognized by an engine. Syntax of the SQL transfer command includes a password and a filename for a security key. Upon receiving the SQL transfer command, the engine references an information repository to identify a relevant key hierarchy and key type, encrypts the security key with a key derived from password, and stores (exports) the encrypted security key in a file for consumption (import) at the target server. The SQL transfer command may further comprise a direction component determining flow of key information, and an override function to deal with error messages arising from any already-existing security key having the same name.

Abstract: Embodiments afford secure transfer of security key type(s) between different database servers having different key hierarchies. For example, a key transfer may occur from a source server to a target server during a database migration process. Particular embodiments comprise a SQL transfer command statement (e.g., TRANSFER ENCRYPTION KEY) recognized by an engine. Syntax of the SQL transfer command includes a password and a filename for a security key. Upon receiving the SQL transfer command, the engine references an information repository to identify a relevant key hierarchy and key type, encrypts the security key with a key derived from password, and stores (exports) the encrypted security key in a file for consumption (import) at the target server. The SQL transfer command may further comprise a direction component determining flow of key information, and an override function to deal with error messages arising from any already-existing security key having the same name.

Abstract: Embodiments described herein generally relate to creating an autonomous role-based security system for a database management system, wherein a super user may not always be required. A computer-implemented method is described. The method includes establishing one or more privileges in a database system, each privilege controlling access to an administrative function for the database system. Each privilege is assigned to one or more roles. Each role may always have a minimum set of users with only administrative rights over the role. A request is received from a first user to grant a role to a second user. A database management system determines whether the first user has administrative privileges over the role. If the first user has administrative privileges over the role, the role is granted to the second user. The database system may satisfy the principles of least privilege and separation of duties.

Abstract: Multi-control password changing includes initiating a password change cycle to change a target user's password, selecting a plurality of administrators to provide password part inputs, receiving password part inputs separately and confidentially from the plurality of administrators, generating a multi-control password comprised of multiple password part inputs, changing the target user's password to the multi-control password, and transmitting either the single multi-control password or multiple password parts each separately to target user.

Abstract: Embodiments described herein generally relate to creating an autonomous role-based security system for a database management system, wherein a super user may not always be required. A computer-implemented method is described. The method includes establishing one or more privileges in a database system, each privilege controlling access to an administrative function for the database system. Each privilege is assigned to one or more roles. Each role may always have a minimum set of users with only administrative rights over the role. A request is received from a first user to grant a role to a second user. A database management system determines whether the first user has administrative privileges over the role. If the first user has administrative privileges over the role, the role is granted to the second user. The database system may satisfy the principles of least privilege and separation of duties.

Abstract: Multi-control password changing includes initiating a password change cycle to change a target user's password, selecting a plurality of administrators to provide password part inputs, receiving password part inputs separately and confidentially from the plurality of administrators, generating a multi-control password comprised of multiple password part inputs, changing the target user's password to the multi-control password, and transmitting either the single multi-control password or multiple password parts each separately to target user.