Compound measures, not redundant

The different steps taken in securing a database can be seen as sometimes compound, but they should not be redundant. Redundancy could be symbolized by two locks on the same door - what if they pry it open from the hinges? But how about one lock and reinforce the hinges, or one lock and an alarm? That would represent compound measures.

Recently someone asked me about adding an operating system group level for ownership of sensitive financial information at the R-code level. Obviously that's a good idea, but if you can keep them out of the editor of the database and you lock up the usr_mstr then this could represent a redundancy requiring extra resources. I almost think that it would be better to "trap" someone running a compiled procedure that they weren't supposed to. My favorite way would be via an email script embedded in every sensitive program, but that's just me. The -yx parameter can be used as well but it's useless in the event of ID spoofing.