Skip to main content

Access Control Methods in DBMS

Access control in DBMS

Database access control is a method of allowing access to a company’s sensitive data only to those people (database users) who are allowed to access such data and to restrict access to unauthorized persons. It includes two main components: authentication and authorization.

Authentication is a method of verifying the identity of a person who is accessing your database. Note that authentication isn’t enough to protect data. An additional layer of security is required, authorization, which determines whether a user should be allowed to access the data or make the transaction he’s attempting. Without authentication and authorization, there is no data security.

Any company whose employees connect to the Internet, thus, every company today, needs some level of access control implemented.

Types of Access Control
Obsolete access models include Discretionary Access Control (DAC) and Mandatory Access Control (MAC). Role Based Access Control (RBAC) is the most common method today, and the most recent model is Attribute Based Access Control (ABAC).

Discretionary Access Control (DAC)
With DAC models, the data owner allows access. DAC is a means of assigning access rights based on user-specified rules.

Mandatory Access Control (MAC)
MAC was developed using a nondiscretionary model, in which people are granted access based on an information clearance. MAC is a policy in which access rights are assigned based on central authority regulations.

Role Based Access Control (RBAC)
RBAC grants access based on a user’s role and implements key security principles such as “least privilege” and “separation of privilege.” Thus, someone attempting to access information can only access data necessary for their role.

Attribute Based Access Control (ABAC)
In ABAC, each resource and user is assigned a series of attributes. In this dynamic method, a comparative assessment of the user’s attributes, including time of day, position, and location, is used to make a decision on access to a resource.

How it Works
Let’s take a look at how access control works in DataSunrise.

Two-Factor Authentication
DataSunrise includes two-factor authentication mechanisms based on emails and one-time passwords (OTP) which allow to access the target database. Database users should input the database’s password and complete email-based or Google Authenticator-based authentication to get access to the target database.

Database Access Restriction
DataSunrise features Data Security component which enables you to restrict access to a complete database or certain database objects depending on the following factors:
  • Database username;
  • Client application;
  • Application username;
  • IP address or hostname;
  • Operating system user;
  • Number of unsuccessful login attempts;
  • Query text.
Thus, DataSunrise utilizes the ABAC method of access control. Data Security’s functionality is based on security rules created by DataSunrise administrator.
 

Comments

Popular posts from this blog

Object Oriented and Relational Database

Object Relational and Object-Oriented Database What Is Object Relational Database? An object-relational database (ORD) is a database management system (DBMS) that’s composed of both a relational database (RDBMS) and an object-oriented database (OODBMS). An object-relational database acts as an interface between relational and object-oriented databases because it contains aspects and characteristics from both models. Object-oriented database (ORD) serves two main purposes: It connects the divide between relational databases and the object-oriented modeling techniques that are usually used in programming languages like C#, Java and C++. It bridges the gap between conceptual data modeling techniques for relational and object-oriented databases like entry-relationship diagram (ERD) and object-relational mapping (ORM). What Is Object Oriented Database? An object-oriented database is organized around objects rather than actions and data rather than logic. Therefore, an object database is a d...

What is the monitor? How many types and what is it? Details about CRT, LCD and LED monitors.

मॉनिटर क्या है? कितने प्रकार का होता है और क्या होता है? सीआरटी, एलसीडी और एलईडी मॉनिटर के बारे में विवरण। मॉनिटर क्या है? = मॉनिटर वह पार्ट्स है जो कंप्यूटर सिस्टम के साथ टीवी जैसा दिखता है। मॉनिटर कंप्यूटर सिस्टम का एक बहुत ही महत्वपूर्ण आउटपुट डिवाइस है। इसे डिस्प्ले डिवाइस के नाम से भी जाना जाता है। कंप्यूटर पर हम जो भी कार्य करते हैं उन्हें इस मॉनिटर के माध्यम से देखा जा सकता है, इसलिए मॉनिटर को विजुअल डिस्प्ले यूनिट कहा जाता है। मॉनिटर अलग-अलग साइज में आते हैं जैसे- 14 इंच, 15 इंच, 17 इंच, 19 इंच आदि। (Image by - Google Images) मॉनिटर कितने प्रकार के होते हैं? = रंग प्रदर्शन के आधार पर मॉनिटर्स को दो श्रेणियों में विभाजित किया जा सकता है। 1) मोनोक्रोम मॉनिटर (Monochrome Monitor), 2) कलर मॉनिटर (Color Monitor) । *  वर्तमान में मोनोक्रोम मॉनिटर का उपयोग शायद ही ध्यान देने योग्य है। अब हर जगह कलर मॉनिटर का इस्तेमाल किया जाता है। 1) मोनोक्रोम मॉनिटर (Monochrome Monitor) = इस प्रकार का मॉनिटर केवल सादा-काला चित्र प्रदर्शित करता है। वर्तमान में मोनोक्रोम मॉनिटर बहुत कम उपयोग होता ...

Normalization Types in DBMS

Normalization Types in DBMS First Normal Form (1NF) A relation will be 1NF if it contains an atomic value.  It states that an attribute of a table cannot hold multiple values. It must hold only single-valued attribute. First normal form disallows the multi-valued attribute, composite attribute, and their combinations. Example: Relation EMPLOYEE is not in 1NF because of multi-valued attribute EMP_PHONE. EMPLOYEE table: EMP_ID EMP_NAME EMP_PHONE EMP_STATE 14 John 7272826385, 9064738238 UP 20 Harry 8574783832 Bihar 12 Sam 7390372389, 8589830302 Punjab The decomposition of the EMPLOYEE table into 1NF has been shown below: EMP_ID EMP_NAME EMP_PHONE EMP_STATE 14 John 7272826385 UP 14 John 9064738238 UP 20 Harry 8574783832 Bihar 12 Sam 7390372389 Punjab 12 Sam 8589830302 Punjab Second Normal Form (2NF) In the 2NF, relational must be in 1NF.  In the second normal form, all non-key attributes are fully functional dependent on the primary key  Example: Let's assume, a school can ...