In general, security touches every aspect and activity of an information system. The subject of security is vast, and we need to understand that security can never be perfect. Every organization has a unique way of dealing with security based on its requirements. In this blog, I describe database security models and briefly review SQL Server security principles.

Database: A collection of information stored in a computer.
Database security: The mechanism that protects the database against intentional or accidental threats or that protects it against malicious attempts to steal (view) or modify data.

Today's organizations rely on database systems as the key data management technology for a large variety of tasks ranging from regular business operations to critical decision making. The information in the databases is used, shared, and accessed by various users. It needs to be protected and managed because any changes to the database can affect it or other databases. The main role of a security system is to preserve the integrity of an operational system by enforcing a security policy that is defined by a security model. These security models are the basic theoretical tools to start with when developing a security system.

Database security models include the following elements:

Subject: Individual who performs some activity on the database.
Object: Database unit that requires authorization in order to manipulate.
Access mode/action: Any activity that might be performed on an object by a subject.
Authorization: Specification of access modes for each subject on each object.
Administrative rights: Who has rights in system administration and what responsibilities administrators have.
Policies: Enterprise-wide accepted security rules.
Constraint: A more specific rule regarding an aspect of an object and action.

A typical DBMS supports basic approaches to data security: discretionary control, mandatory control, and role-based access control.

Discretionary control: A given user typically has different access rights, also known as privileges, for different objects. For discretionary access control, we need a language to support the definition of rights, for example, SQL.

Mandatory control: Each data object is labeled with a certain classification level, and a given object can be accessed only by a user with a sufficient clearance level. Mandatory access control is applicable to databases in which data has a rather static or rigid classification structure, for example, military or government environments.

In both discretionary and mandatory control cases, the unit of data and the data object to be protected can range from the entire database to a single, specific tuple.

Role-based access control (RBAC): Permissions are associated with roles, and users are made members of appropriate roles. However, a role brings together a set of users on one side and a set of permissions on the other, whereas user groups are typically defined as a set of users only. Role-based security provides the flexibility to define permissions at a high level of granularity in Microsoft SQL, thus greatly reducing the attack surface area of the database system. RBAC mechanisms are a flexible alternative to mandatory access control (MAC) and discretionary access control (DAC).

Objects: Any system, resource file, printer, terminal, database record, etc.
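
The discretionary and role-based approaches described in this post, side by side in T-SQL for SQL Server 2012 or later. This is an added example, not code from the original post; the table dbo.Orders, the users alice and bob, and the role order_clerk are hypothetical names constructed for the illustration.

```sql
-- Constructed sample object and subjects (all names are hypothetical).
CREATE TABLE dbo.Orders (OrderId int PRIMARY KEY, Amount money);
CREATE USER alice WITHOUT LOGIN;
CREATE USER bob   WITHOUT LOGIN;
GO

-- Discretionary control: a privilege is granted to one user on one object.
GRANT SELECT ON OBJECT::dbo.Orders TO alice;

-- Role-based control: privileges are attached to the role,
-- and the user receives them only through role membership.
CREATE ROLE order_clerk;
GRANT SELECT, INSERT ON OBJECT::dbo.Orders TO order_clerk;
ALTER ROLE order_clerk ADD MEMBER bob;
GO

-- Check the effective access modes as each subject
-- (HAS_PERMS_BY_NAME returns 1 when the permission is held, 0 when not).
EXECUTE AS USER = 'alice';
SELECT USER_NAME() AS subject,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'INSERT') AS can_insert;
REVERT;

EXECUTE AS USER = 'bob';
SELECT USER_NAME() AS subject,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME('dbo.Orders', 'OBJECT', 'INSERT') AS can_insert;
REVERT;
GO

-- Audit the authorizations: which principal (user or role) holds which
-- permission on the object, and which users belong to which role.
SELECT pr.name AS grantee, pr.type_desc, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1 AND pe.major_id = OBJECT_ID('dbo.Orders');

SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id;
GO

-- Removing the membership withdraws every permission bob held via the role;
-- alice's direct grant has to be revoked separately, object by object.
ALTER ROLE order_clerk DROP MEMBER bob;
REVOKE SELECT ON OBJECT::dbo.Orders FROM alice;
```

Run it in a scratch database: the audit queries show alice as a direct grantee on the table, while bob appears only as a member of order_clerk.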