1. Introduction to Access Control
Access Control is a security technique used to decide who can access what data in a database.
In simple words, access control checks:
- Who are you?
- What are you allowed to do?
In a database system, not all users should have full access. Some users can only read data, while others can insert, update, or delete data.
Example: In a college database, students can view marks, teachers can update marks, and admins manage the entire database.
2. Purpose of Access Control
The main purpose of access control is to protect database data from unauthorized access.
- Prevents unauthorized users from accessing data
- Protects sensitive information like passwords and marks
- Maintains data integrity
- Ensures user privacy
- Helps follow security rules and policies
Example: Only HR staff can view employee salary details.
3. Fundamentals of Access Control
Authentication
Authentication verifies the identity of a user. It answers the question: Who are you?
Common methods include username-password, OTP, and biometrics.
Authorization
Authorization decides what actions a user can perform after login, such as read, write, update, or delete.
Example: A student can read marks but cannot modify them.
Accountability
Accountability keeps track of user actions in the database.
Example: The system records which user deleted a record and when.
4. Policies of Access Control
Access control policies define rules about who can access data and under what conditions.
Policies answer:
- Who can access?
- What can be accessed?
- Under which conditions?
Example: Only managers can approve transactions above a certain amount.
5. Models of Access Control
Access control models define how permissions are assigned to users in a system.
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
6. Mechanisms of Access Control
Access control mechanisms are technical tools used to enforce access control policies.
- Passwords
- Access Control Lists (ACL)
- User roles
- Encryption
- Authentication systems
7. Discretionary Access Control (DAC)
In DAC, the owner of the data decides who can access it.
- Owner has full control
- Permissions can be shared
- Flexible but less secure
Example: File sharing in Google Drive where the owner decides access.
8. Mandatory Access Control (MAC)
In MAC, access is controlled by the system, not by users.
- Very strict security
- Used in military and government systems
- Based on security levels
Example: A user with confidential clearance cannot access top-secret data.
9. Role-Based Access Control (RBAC)
In RBAC, access permissions are assigned based on user roles.
- Users are assigned roles
- Roles have predefined permissions
- Easy to manage and scalable
Example: Teacher role can update marks, student role can only view marks.
Summary
| Term | Meaning |
|---|---|
| Access Control | Controls who can access data |
| Authentication | Verifies user identity |
| Authorization | Decides user permissions |
| DAC | Owner decides access |
| MAC | System decides access |
| RBAC | Access based on roles |
No comments:
Post a Comment