Presented By: Matthew Garrison. Basics of Role Based Access Control  Roles are determined based on job functions within a given organization  Users.

1 Presented By: Matthew Garrison

2 Basics of Role Based Access Control
• Roles are determined based on job functions within a given organization
• Users are assigned roles based on responsibilities and qualifications
• Advantages
  - Simplified means of granting access
  - Roles can change with addition of new systems

3 Goal of the Paper
• Analyze and compare RBAC features in commercially available DBMSs (Database Management Systems)
• Systems Compared
  - INFORMIX Online Dynamic Server ver. 7.2
  - Sybase Adaptive Server release 11.5
  - Oracle Enterprise Server ver. 8.0

4 What is Compared?
• User role assignment
  - How can roles be assigned
• Support for role relationships and constraints
  - Role hierarchy and separation of roles
• Assignable privileges
  - Types of privileges available to assign

5 Informix Online Dynamic Server ver. 7.2
• User role assignment
  - Roles can be assigned to 1 user, another role, multiple users, or all users
  - Users can only have one active role
  - No feature to specify a default role
    ○ After sign on, user has no active role and must set their role. (They can only set their role to one that has been authorized for their use)

6 Informix Online Dynamic Server ver. 7.2
• Support for role relationships and constraints
  - Users and DBAs can grant roles to another role
    ○ Allows one to build a role hierarchy
  - Does not support separation of roles
    ○ Can’t specify roles which cannot be applied to same user
  - No support for max/min number of users assigned to a role
  - Supports separation of duties
    ○ Side effect of not allowing a user to have more than 1 active role at any time

7 Informix Online Dynamic Server ver. 7.2
• Assignable Privileges
  - Three categories of privileges
    ○ Db-level, Table-level, Execute
  - Database-Level
    ○ Privileges allowing connection to a database, addition of objects, security management and space management
  - Table-Level
    ○ Privileges to a base table (INSERT, DELETE, ALTER, SELECT, UPDATE, INDEX)
  - Execute
    ○ Privilege allowing the execution of stored procedures

8 Informix Online Dynamic Server ver. 7.2
• Assignable Privileges contd.
  - Allows only Table-level and Execute privileges to be assigned to a role.
  - The DBA is the only one with Database-Level privileges
    ○ Responsible for granting/revoking role privileges.

9 Sybase Adaptive Server rel. 11.5
• Built in Roles
  - Sybase comes with 3 pre-defined roles
    ○ Sa-role (System Administrator): used for maintaining all databases and physical resources of the server
    ○ Sso-role (System Security Officer): used to create and assign user-defined roles
    ○ Oper-role (Operator): used to perform backups and load databases

10 Sybase Adaptive Server rel. 11.5
• User role assignment
  - Roles can be granted to one or more users
  - Roles can only be granted by the System Security Officer
  - Multiple roles can be activated in a single session
  - Setting your role after sign on is only necessary for user-defined roles. System-defined roles are activated automatically
  - Can create a list of roles to activate automatically

11 Sybase Adaptive Server rel. 11.5
• Support for role relationships and constraints
  - A role hierarchy can be achieved by assigning roles to other roles
  - Has 2 types of mutual exclusion of roles
    ○ Static exclusion: user cannot be granted both roles
    ○ Dynamic exclusion: user cannot activate both roles at the same time

12 Sybase Adaptive Server rel. 11.5
• Assignable Privileges
  - Object Access Permissions
    ○ Regulate use of access commands (i.e. SELECT, UPDATE, EXECUTE, etc.)
  - Object Creation Permissions
    ○ Regulate use of create commands
  - Both can be granted to a role

13 Oracle-Enterprise Server ver. 8.0
• User role assignment
  - Roles can be assigned to any number of users or other roles
  - Allows for activation of multiple roles during the same session
    ○ Has commands that allow the user to activate all their assigned roles at once
    ○ Can also deactivate all current roles
  - Allows for creation of a default list of roles to activate at sign on

14 Oracle-Enterprise Server ver. 8.0
• Support for role relationships and constraints
  - A role hierarchy can be obtained by granting roles to other roles
  - Does not support separation of duties
    ○ Cannot stop activation of exclusive roles
  - No support for separation of roles
    ○ Multiple roles can be activated at once
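
An added illustration, not part of the presentation and not any vendor's code: a small in-memory Python model of the behaviours the three "role relationships and constraints" slides describe, covering a hierarchy built by granting roles to roles, static and dynamic exclusion as described for Sybase, and the single active role described for Informix. The class, its fields, and the role and user names are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class RbacPolicy:
    single_active: bool = False                     # True: one active role per session
    inherits: dict = field(default_factory=dict)    # role -> roles granted to that role
    static_excl: set = field(default_factory=set)   # frozenset pairs never granted together
    dynamic_excl: set = field(default_factory=set)  # frozenset pairs never active together
    granted: dict = field(default_factory=dict)     # user -> directly granted roles

    def closure(self, roles):
        """Expand roles through the hierarchy built by granting roles to roles."""
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.inherits.get(role, ()))
        return seen

    def _conflict(self, roles, pairs):
        # A pair conflicts when both of its roles are in the effective role set.
        effective = self.closure(roles)
        return any(pair <= effective for pair in pairs)

    def grant(self, user, role):
        wanted = self.granted.get(user, set()) | {role}
        if self._conflict(wanted, self.static_excl):
            raise PermissionError(f"static exclusion: cannot grant {role} to {user}")
        self.granted[user] = wanted

    def activate(self, user, active, role):
        """Return the session's new active-role set, or raise PermissionError."""
        if role not in self.closure(self.granted.get(user, ())):
            raise PermissionError(f"{role} is not authorized for {user}")
        # With a single active role, setting a role replaces the previous one.
        wanted = {role} if self.single_active else set(active) | {role}
        if self._conflict(wanted, self.dynamic_excl):
            raise PermissionError(f"dynamic exclusion: cannot activate {role}")
        return wanted

def allowed(action, *args):
    """True if the policy call succeeds, False if it is refused."""
    try:
        action(*args)
        return True
    except PermissionError:
        return False

# Constructed sample pair: entering a payment vs. approving it.
PAIR = frozenset({"enter_payment", "approve_payment"})
```

With no exclusion sets and `single_active=False`, both roles of `PAIR` can be active in one session, which is the gap the Oracle slide notes; `single_active=True` prevents that only as a side effect, as the Informix slide says.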

15 Oracle-Enterprise Server ver. 8.0
• Assignable Privileges
  - System Privileges
    ○ Allows creation of objects in database
  - Object Privileges
    ○ Allows actions on objects in database
  - Both can be granted to a role
    ○ System privileges can only be granted by a DBA or person who has that privilege
    ○ Object privileges can be granted by the owner of an object or a user with that privilege

16 Summary of RBAC Features

17 Summary Contd.
• Sybase and Oracle provide more features in user role assignment and privileges
• Sybase is the only one to implement mutual exclusivity of roles
• All provide a good basis for Role-Based Access Control

Questions?

