Published by Charla Singleton. Modified over 9 years ago.
1
Presented By: Matthew Garrison
2
Basics of Role Based Access Control
Roles are determined based on job functions within a given organization
Users are assigned roles based on responsibilities and qualifications
Advantages
○ Simplified means of granting access
○ Roles can change with addition of new systems
3
Goal of the Paper
Analyze and compare RBAC features in commercially available DBMSs (Database Management Systems)
Systems Compared
○ INFORMIX Online Dynamic Server ver. 7.2
○ Sybase Adaptive Server release 11.5
○ Oracle Enterprise Server ver. 8.0
4
What is Compared?
User role assignment
○ How can roles be assigned
Support for role relationships and constraints
○ Role hierarchy and separation of roles
Assignable privileges
○ Types of privileges available to assign
5
Informix Online Dynamic Server ver. 7.2
User role assignment
Roles can be assigned to 1 user, another role, multiple users, or all users
Users can only have one active role
No feature to specify a default role
○ After sign on, the user has no active role and must set their role. (They can only set their role to one that has been authorized for their use)
6
Informix Online Dynamic Server ver. 7.2
Support for role relationships and constraints
Users and DBAs can grant roles to another role
○ Allows one to build a role hierarchy
Does not support separation of roles
○ Can’t specify roles which cannot be applied to same user
No support for max/min number of users assigned to a role
Supports separation of duties
○ Side effect of not allowing a user to have more than 1 active role at any time
7
Informix Online Dynamic Server ver. 7.2
Assignable Privileges
Three categories of privileges
○ Db-level, Table-level, Execute
Database-Level
○ Privileges allowing connection to a database, addition of objects, security management and space management
Table-Level
○ Privileges to a base table (INSERT, DELETE, ALTER, SELECT, UPDATE, INDEX)
Execute
○ Privilege allowing the execution of stored procedures
8
Informix Online Dynamic Server ver. 7.2
Assignable Privileges contd.
Allows only Table-level and Execute privileges to be assigned to a role.
The DBA is the only one with Database-Level privileges
○ Responsible for granting/revoking role privileges.
9
Sybase Adaptive Server rel. 11.5
Built in Roles
Sybase comes with 3 pre-defined roles
○ Sa-role (System Administrator)
    Used for maintaining all databases and physical resources of the server
○ Sso-role (System Security Officer)
    Used to create and assign user-defined roles
○ Oper-role (Operator)
    Used to perform backups and load databases
10
Sybase Adaptive Server rel. 11.5
User role assignment
Roles can be granted to one or more users
Roles can only be granted by the System Security Officer
Multiple roles can be activated in a single session
Setting your role after sign on is only necessary for user-defined roles. System-defined roles are activated automatically
Can create a list of roles to activate automatically
11
Sybase Adaptive Server rel. 11.5
Support for role relationships and constraints
A role hierarchy can be achieved by assigning roles to other roles
Has 2 types of mutual exclusion of roles
○ Static exclusion
    User cannot be granted both roles
○ Dynamic exclusion
    User cannot activate both roles at the same time
12
Sybase Adaptive Server rel. 11.5
Assignable Privileges
Object Access Permissions
○ Regulate use of access commands (i.e. SELECT, UPDATE, EXECUTE, etc.)
Object Creation Permissions
○ Regulate use of create commands
Both can be granted to a role
13
Oracle-Enterprise Server ver. 8.0
User role assignment
Roles can be assigned to any number of users or other roles
Allows for activation of multiple roles during the same session
○ Has commands that allow the user to activate all their assigned roles at once
○ Can also deactivate all current roles
Allows for creation of a default list of roles to activate at sign on
14
Oracle-Enterprise Server ver. 8.0
Support for role relationships and constraints
A role hierarchy can be obtained by granting roles to other roles
Does not support separation of duties
○ Cannot stop activation of exclusive roles
No support for separation of roles
○ Multiple roles can be activated at once
15
Oracle-Enterprise Server ver. 8.0
Assignable Privileges
System Privileges
○ Allows creation of objects in database
Object Privileges
○ Allows actions on objects in database
Both can be granted to a role
○ System privileges can only be granted by a DBA or person who has that privilege
○ Object privileges can be granted by the owner of an object or a user with that privilege
16
Summary of RBAC Features
17
Summary Contd.
Sybase and Oracle provide more features in user role assignment and privileges
Sybase is the only one to implement mutual exclusivity of roles
All provide a good basis for Role-Based Access Control
Questions?
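
The role constraints compared on the Informix, Sybase and Oracle slides, as an added Python sketch that is not from the presentation or from any vendor: a toy model of static exclusion (checked at grant time), dynamic exclusion (checked at activation) and a single-active-role session. The class, method and role names are hypothetical, and two behaviours are assumptions: exclusions are checked through the role hierarchy, and in single-active mode setting a role replaces the previous one.

```python
class RBAC:
    """Toy RBAC engine; all names are hypothetical, not any vendor's API."""

    def __init__(self, static_excl=(), dynamic_excl=(), single_active=False):
        self.juniors = {}   # role -> roles granted to it (role hierarchy)
        self.granted = {}   # user -> roles granted directly to the user
        self.active = {}    # user -> roles active in the current session
        self.static_excl = [frozenset(p) for p in static_excl]
        self.dynamic_excl = [frozenset(p) for p in dynamic_excl]
        self.single_active = single_active  # one active role per session

    def grant_role_to_role(self, senior, junior):
        self.juniors.setdefault(senior, set()).add(junior)

    def effective(self, roles):
        """Expand a role set through the hierarchy (transitive closure)."""
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    def _conflict(self, roles, pairs):
        eff = self.effective(roles)
        return any(pair <= eff for pair in pairs)

    def grant(self, user, role):
        """Static exclusion: refuse a grant that would give both roles."""
        wanted = self.granted.get(user, set()) | {role}
        if self._conflict(wanted, self.static_excl):
            return False
        self.granted[user] = wanted
        return True

    def activate(self, user, role):
        """Dynamic exclusion: refuse activation alongside a conflicting role."""
        if role not in self.effective(self.granted.get(user, ())):
            return False  # only roles authorized for the user can be set
        current = set() if self.single_active else self.active.get(user, set())
        wanted = current | {role}
        if self._conflict(wanted, self.dynamic_excl):
            return False
        self.active[user] = wanted
        return True

if __name__ == "__main__":
    db = RBAC(static_excl=[("teller", "auditor")])  # constructed sample policy
    db.grant_role_to_role("branch_mgr", "teller")   # branch_mgr inherits teller
    print(db.grant("alice", "auditor"), db.grant("alice", "branch_mgr"))
```

The second grant is refused because `branch_mgr` reaches `teller` through the hierarchy, which is the case a per-pair check on directly granted roles would miss.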