1. Policies of Access Control
Access Control Policies are rules that define who can access data, what actions they can perform, and under what conditions.
In simple words, policy is a rule book for database access.
- Who can access the database
- Which data can be accessed
- What operations are allowed (read, write, delete)
Example: Students can view marks, teachers can update marks, and admin has full access.
2. Models of Access Control
Access Control Models describe how access permissions are structured and assigned to users.
In simple words, a model is the method of giving permissions.
- Discretionary Access Control (DAC)
- Non-Discretionary Access Control
- Mandatory Access Control (MAC)
3. Mechanisms of Access Control
Access Control Mechanisms are technical tools used to enforce access control policies and models.
- Passwords
- Access Control Lists (ACL)
- Capability Lists
- Roles and privileges
- GRANT and REVOKE commands
4. Discretionary Access Control (DAC)
In Discretionary Access Control, the owner of the data decides who can access it.
- Data owner has full control
- Permissions can be shared
- Flexible but less secure
Example: Google Drive file sharing or SQL GRANT command.
5. Non-Discretionary Access Control
In Non-Discretionary Access Control, users cannot decide access permissions.
- Permissions decided by system or administrator
- More secure than DAC
- Users must follow assigned rules
Example: Employees getting access based on job role.
6. Mandatory Access Control (MAC)
In Mandatory Access Control, access is controlled by the system using security levels.
- Very strict security
- Used in military and government systems
- Users cannot change permissions
Example: A user with Confidential clearance cannot access Top Secret data.
7. Capabilities of Access Control Mechanisms
Capabilities describe what access control mechanisms can do effectively.
- Prevent unauthorized access
- Protect sensitive data
- Control user operations
- Maintain accountability
- Improve database security
8. Limitations of Access Control Mechanisms
Although access control mechanisms are useful, they have some limitations.
- Complex to manage
- Insider threats
- Performance overhead
- Configuration errors
- Scalability issues
9. Access Control List (ACL)
An Access Control List (ACL) defines which users can access an object and what actions they can perform.
| User | Permission |
|---|---|
| Student | Read |
| Teacher | Read, Write |
| Admin | Full Control |
10. Limitations of Access Control List (ACL)
- Large ACL size
- Difficult to manage
- Poor scalability
- Performance overhead
11. Capability List
A Capability List stores information about which objects a user can access and what operations are allowed.
ACL is object-based, while Capability List is user-based.
Example: User can read File1 and write File2.
12. Limitations of Capability List
- Risk if capability is stolen
- Difficult permission revocation
- Complex management
- Hard to understand for administrators
Summary
- DAC: Owner decides access
- MAC: System decides access
- Non-Discretionary: User cannot change permissions
- ACL: Object-based permission list
- Capability List: User-based permission list
No comments:
Post a Comment