

Today's organizations rely on database systems as the key data management technology for a large variety of tasks ranging from regular business operations to critical decision making. The information in the databases is used, shared, and accessed by various users. It needs to be protected and managed because any changes to the database can affect it or other databases. The main role of a security system is to preserve integrity of an operational system by enforcing a security policy that is defined by a security model. These security models are the basic theoretical tools to start with when developing a security system.

Database security models include the following elements:

Subject: Individual who performs some activity on the database.
Object: Database unit that requires authorization in order to manipulate.
Access mode/action: Any activity that might be performed on an object by a subject.
Authorization: Specification of access modes for each subject on each object.
Administrative rights: Who has rights in system administration and what responsibilities administrators have.
Policies: Enterprise-wide accepted security rules.
Constraint: A more specific rule regarding an aspect of an object and action.

A typical DBMS supports basic approaches of data security: discretionary control, mandatory control, and role-based access control.

Discretionary control: A given user typically has different access rights, also known as privileges, for different objects.

Mandatory control: Each data object is labeled with a certain classification level, and a given object can be accessed only by a user with a sufficient clearance level.

For discretionary access control, we need a language to support the definition of rights, for example, SQL.
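The following sketch is an added example, not code from the original page. It models the elements listed here (subject, object, access mode, authorization, constraint) as a small reference monitor that applies the mandatory and discretionary rules described in the text. The class and function names, the three label levels, the sample data, and the choice to enforce both controls together with a default of deny are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed label ordering (assumption: the page names no specific levels).
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class Subject:            # individual who performs some activity
    name: str
    clearance: str

@dataclass(frozen=True)
class DbObject:           # database unit that requires authorization
    name: str
    classification: str

@dataclass
class ReferenceMonitor:   # hypothetical name for the enforcing component
    # Authorization: (subject, object, access mode) -> optional constraint
    grants: dict = field(default_factory=dict)

    def grant(self, s, o, mode, constraint=None):
        self.grants[(s.name, o.name, mode)] = constraint

    def check(self, s, o, mode, row=None):
        """Return (allowed, reason). Anything not explicitly permitted is denied."""
        # Mandatory control: clearance must be sufficient for the object's label.
        if LEVELS[s.clearance] < LEVELS[o.classification]:
            return False, "mandatory: clearance below classification"
        # Discretionary control: this subject needs a privilege on this object.
        key = (s.name, o.name, mode)
        if key not in self.grants:
            return False, "discretionary: no privilege granted"
        # Constraint: a more specific rule on one aspect of the object and action.
        constraint = self.grants[key]
        if constraint is not None and not constraint(row or {}):
            return False, "constraint: rule not satisfied"
        return True, "allowed"

def demo():
    # Constructed sample subjects, object and rows.
    alice = Subject("alice", "secret")
    bob = Subject("bob", "public")
    payroll = DbObject("payroll", "confidential")
    rm = ReferenceMonitor()
    rm.grant(alice, payroll, "SELECT", lambda row: row.get("dept") == "HR")
    rm.grant(bob, payroll, "SELECT")  # a grant alone does not override the label
    return [
        rm.check(alice, payroll, "SELECT", {"dept": "HR"}),
        rm.check(alice, payroll, "SELECT", {"dept": "R&D"}),
        rm.check(alice, payroll, "UPDATE", {"dept": "HR"}),
        rm.check(bob, payroll, "SELECT", {"dept": "HR"}),
    ]
```

The last case in `demo()` shows why the two controls are checked independently: bob holds a discretionary privilege on the object but is still refused because his clearance is below its classification.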
