
Access Control Methods in DBMS

Access control in DBMS

Database access control is a method of allowing access to a company’s sensitive data only to those database users who are permitted to access it, and of restricting access by unauthorized persons. It includes two main components: authentication and authorization.

Authentication is a method of verifying the identity of a person who is accessing your database. Note that authentication alone isn’t enough to protect data. An additional layer of security, authorization, is required; it determines whether a user should be allowed to access the data or make the transaction they are attempting. Without authentication and authorization, there is no data security.

Any company whose employees connect to the Internet, which today means every company, needs some level of access control implemented.

Types of Access Control
Obsolete access models include Discretionary Access Control (DAC) and Mandatory Access Control (MAC). Role Based Access Control (RBAC) is the most common method today, and the most recent model is Attribute Based Access Control (ABAC).

Discretionary Access Control (DAC)
With DAC models, the data owner allows access. DAC is a means of assigning access rights based on user-specified rules.

Mandatory Access Control (MAC)
MAC was developed using a nondiscretionary model, in which people are granted access based on an information clearance. MAC is a policy in which access rights are assigned based on central authority regulations.

Role Based Access Control (RBAC)
RBAC grants access based on a user’s role and implements key security principles such as “least privilege” and “separation of privilege.” Thus, someone attempting to access information can only access data necessary for their role.

Attribute Based Access Control (ABAC)
In ABAC, each resource and user is assigned a series of attributes. In this dynamic method, a comparative assessment of the user’s attributes, including time of day, position, and location, is used to make a decision on access to a resource.

How it Works
Let’s take a look at how access control works in DataSunrise.

Two-Factor Authentication
DataSunrise includes two-factor authentication mechanisms based on emails and one-time passwords (OTP) for access to the target database. Database users must enter the database password and complete email-based or Google Authenticator-based authentication to get access to the target database.
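How a server can check a Google Authenticator-style one-time password, as an added example that is not DataSunrise's code: it implements RFC 6238 TOTP with the defaults authenticator apps use (HMAC-SHA1, 30-second step, 6 digits), tolerates one step of clock drift, and rejects replayed codes. The function names and the secret are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed secret (the RFC 6238 test key), base32-encoded as authenticator apps expect.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32, at, digits=6, step=30):
    """Compute the RFC 6238 TOTP code (HMAC-SHA1) for Unix time `at`."""
    return hotp(base64.b32decode(secret_b32, casefold=True), int(at) // step, digits)

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC the 8-byte counter, then apply dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, submitted, at=None, window=1, last_used_step=None, step=30):
    """Return the matched time step, or None if the code is wrong, stale or replayed.

    window: steps of clock drift tolerated on either side of the current step.
    last_used_step: highest step already accepted for this user (replay guard).
    """
    key = base64.b32decode(secret_b32, casefold=True)
    current = int(time.time() if at is None else at) // step
    matched = None
    for candidate in range(max(0, current - window), current + window + 1):
        expected = hotp(key, candidate)
        # Constant-time comparison; every candidate is checked, with no early exit.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            matched = candidate
    if matched is None or (last_used_step is not None and matched <= last_used_step):
        return None
    return matched
```

The caller stores the returned step per user and passes it back as `last_used_step`, so a code observed in transit cannot be reused inside its validity window.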

Database Access Restriction
DataSunrise features a Data Security component, which enables you to restrict access to a complete database or to certain database objects depending on the following factors:
  • Database username;
  • Client application;
  • Application username;
  • IP address or hostname;
  • Operating system user;
  • Number of unsuccessful login attempts;
  • Query text.
Thus, DataSunrise utilizes the ABAC method of access control. Data Security’s functionality is based on security rules created by the DataSunrise administrator.
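An attribute-based decision over the factors listed above, as an added example that is not DataSunrise's rule engine or rule syntax: rules are checked in order, the first match decides, and a session that no rule allows is denied. The rule format, the rule names and the sample values are constructed for the illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class Session:
    db_user: str
    client_app: str
    source_ip: str
    failed_logins: int
    query: str

# Constructed rules in a hypothetical format; evaluated top to bottom, first match wins.
RULES = [
    {"name": "lockout", "effect": "deny", "min_failed_logins": 3},
    {"name": "no-ddl", "effect": "deny", "query_regex": r"^\s*(drop|truncate|alter)\b"},
    {"name": "reporting-readonly", "effect": "allow", "db_user": "report_ro",
     "client_app": "bi-dashboard", "network": "10.20.0.0/16",
     "query_regex": r"^\s*select\b"},
]

def rule_matches(rule, s):
    """A rule matches only if every condition it specifies holds for the session."""
    if "db_user" in rule and rule["db_user"] != s.db_user:
        return False
    if "client_app" in rule and rule["client_app"] != s.client_app:
        return False
    if "min_failed_logins" in rule and s.failed_logins < rule["min_failed_logins"]:
        return False
    if "network" in rule:
        try:
            if ipaddress.ip_address(s.source_ip) not in ipaddress.ip_network(rule["network"]):
                return False
        except ValueError:  # an unparsable address never satisfies a network condition
            return False
    if "query_regex" in rule and not re.search(rule["query_regex"], s.query, re.IGNORECASE):
        return False
    return True

def decide(s, rules=RULES):
    """Return (effect, rule name); anything no rule explicitly allows is denied."""
    for rule in rules:
        if rule_matches(rule, s):
            return rule["effect"], rule["name"]
    return "deny", "default-deny"
```

Query-text matching is a coarse signal, so the database's own grants should still enforce least privilege for each account.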
 
