Permissions and authorization of users or processes are defined according to the policies of the business. An access control policy basically specifies a set of rules that describe the methods in which a client can access a server.
Access control Matrix: An access control matrix is a simple method for the storage of access control information. It is a table in which each row represents a subject (user), each column represents an object (the object can be a file or a record etc.) and each entry is the set of access rights for that subject to that object. In general the access control matrix will be sparse, because most users will not have access rights to most objects. Every subject will, however, be mapped with every object (subject, object, rights).
This approach can provide very fine grained security control. The problem is the more fine grained the control becomes the more entries are required in the table. In a big system the table can quickly become very big and difficult to manage and slow to search.
Access control list: A different approach is to use capabilities and access control lists. The first method is to specify only the objects that a user may access. This approach is called a capability. It can be seen as a token giving the possessor certain rights to an object. The capability can be stored with the subject.
A second method is to create a list that specifies which subjects can...
The first method is to specify only the objects that a user may access. This approach is called a capability. It can be seen as a token giving the possessor certain rights to an object. The capability can be stored with the subject.
A second method is to create a list that specifies which subjects can access an object, including their access rights. This approach is called an access control list (ACL). The ACL can be stored with the object or the resource.
View based security: Currently, authorization mechanisms in SQL permit access control at the level of complete tables or columns, or on views. It is also possible to create views for specific users, restricting access to data by granting rights only to certain views & tables for each user. These allow those users access to only selected tuples of a table. However, complex role based access control conditions are difficult to implement. In some cases view security can be bypassed (if users have access to base tables).
Also, management of security policy becomes complex by views. When a security policy is added, changed, or removed, it's difficult to determine what exactly to do with each view. An administrator cannot tell whether, by changing security policies through altering or dropping a view, he/she is breaking an application.
Enforcing Access control privileges:
i. Discretionary privileges: It is usually based on the granting and revoking of privileges.
It is further divided into two classifications:
1. The Account level: At this level, the DBA specifies the particular privileges that each account holds independently of the relations in the database.
Example: As the PMS is based on a centralized Oracle server, it must implement all the