Journal Science Intensive Technologies №7 for 2012
Article in issue:
Access control of individual records of a relational table
Authors:
V. Kirichenko
Abstract:
Implementing the security mechanisms of a software system assumes that a certain user needs access to a certain subset of a file or database table, while the rest of the data remains inaccessible to that user. The problem is stated as follows: «User №1» is granted the right to access only «record №3», so an attempt by this user to access «record №2» is rejected. «User №2» is granted the right to access «record №3» as well as «record №2», so this user's attempts to access either record are not rejected. To solve the problem we use a discretionary access control (DAC) mechanism, which allows access rights to be granted to and revoked from users dynamically. The method proposed in this paper is based on the role-based access control (RBAC) model and DAC. Each user is assigned a role and a domain. The role groups users by their occupation, while the domain groups users by the subsets of the data domain they need to work with. Each «role-domain» pair is associated with certain subsets of data. Here, a data subset is a list of identifier values of the table managed by the access control mechanism; in other words, we enumerate the primary key values of the table that are accessible to the particular «role-domain» pair. Data subsets can have types, where a type is an object of discretionary access control. Data is selected from the table by means of a view, while user access to the table itself is closed. The approach described above fully solves the stated access control problem.
Pages: 15-17
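
The scheme described in the abstract, as an added example that is not taken from the paper, using Python's built-in sqlite3 module and constructed sample data. All table, column, role and domain names are hypothetical; the per-user grant on a subset type is an assumed reading of the DAC layer, and the `session_ctx` table stands in for the DBMS's current-user function because SQLite has no accounts or GRANT/REVOKE.

```python
import sqlite3

SCHEMA = """
CREATE TABLE records(id INTEGER PRIMARY KEY, payload TEXT);
CREATE TABLE users(name TEXT PRIMARY KEY, role TEXT, domain TEXT);
-- a subset belongs to one role-domain pair and lists primary keys of records
CREATE TABLE subsets(id INTEGER PRIMARY KEY, role TEXT, domain TEXT, type TEXT);
CREATE TABLE subset_members(subset_id INTEGER, record_id INTEGER);
-- assumed DAC layer: rights on a subset type, granted and revoked per user
CREATE TABLE dac_grants(user_name TEXT, subset_type TEXT);
-- SQLite has no accounts; this one-row table stands in for CURRENT_USER
CREATE TABLE session_ctx(user_name TEXT);
CREATE VIEW visible_records AS
SELECT DISTINCT r.id, r.payload
FROM session_ctx c
JOIN users u ON u.name = c.user_name
JOIN subsets s ON s.role = u.role AND s.domain = u.domain
JOIN dac_grants g ON g.user_name = u.name AND g.subset_type = s.type
JOIN subset_members m ON m.subset_id = s.id
JOIN records r ON r.id = m.record_id;
"""

def build_db():
    # Constructed sample data matching the problem statement in the abstract.
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO records VALUES (?, ?)",
                     [(1, "record 1"), (2, "record 2"), (3, "record 3")])
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("user1", "clerk", "north"), ("user2", "clerk", "south")])
    conn.executemany("INSERT INTO subsets VALUES (?, ?, ?, ?)",
                     [(1, "clerk", "north", "current"),
                      (2, "clerk", "south", "current"),
                      (3, "clerk", "south", "archive")])
    conn.executemany("INSERT INTO subset_members VALUES (?, ?)",
                     [(1, 3), (2, 3), (3, 2)])
    conn.executemany("INSERT INTO dac_grants VALUES (?, ?)",
                     [("user1", "current"), ("user2", "current"), ("user2", "archive")])
    return conn

def visible_ids(conn, user):
    """Return the record ids the view exposes to `user` (empty if unknown)."""
    conn.execute("DELETE FROM session_ctx")
    conn.execute("INSERT INTO session_ctx VALUES (?)", (user,))
    return [r[0] for r in conn.execute("SELECT id FROM visible_records ORDER BY id")]

def revoke(conn, user, subset_type):
    """Dynamically withdraw a user's right on one subset type."""
    conn.execute("DELETE FROM dac_grants WHERE user_name = ? AND subset_type = ?",
                 (user, subset_type))
```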