policies at the database level. Next, we'll look at an alternative model, role-based
access control, which is scalable for large organizations with many departments,
groups, projects, and roles.
USING ROLES TO CALCULATE ACCESS CONTROL
An alternative authorization model that associates permissions with roles has turned
out to be scalable and is the predominant choice for large organizations. It is called
role-based access control (RBAC), shown in a simplified form in figure 11.9.
Using a role-based access-control model requires each organization to define a set
of roles associated with each set of data. Typically, applications are used to control
collections of data, so each application may have a set of roles that can be configured.
Once roles have been identified, each user is assigned one or more roles. The
application will then look up all the roles for each user and apply them against a set of
permissions at the application level to determine whether a user has access.
It's clear that most large organizations can't manage a detailed access-control
policy using a simple nine-bit structure like UNIX. One of the most difficult questions for
an application architect is whether access can be controlled at the application level,
instead of the database level.
Note that some applications need to support more than simple read and write
access control. For example, content management systems can restrict who can
update, delete, search, copy, or include various document components when new
documents are generated. These fine-grained actions on data collections are generally
controlled within the application level.
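The role lookup described above, including fine-grained actions such as delete and copy, as an added example that is not code from the book. The user, role, and resource names are constructed, and the rule that a permission on a collection also covers its documents is an assumption.

```python
"""Application-level RBAC check: user -> roles -> permissions -> resource."""

# Constructed sample data; every user, role and resource name is hypothetical.
USER_ROLES = {
    "alice": {"editor"},
    "bob": {"reader"},
    "carol": {"reader", "publisher"},
}

# Each (role, resource) pair carries the set of actions that role may perform.
ROLE_PERMISSIONS = {
    ("reader", "drafts"): {"read", "search"},
    ("editor", "drafts"): {"read", "search", "update", "delete"},
    ("publisher", "drafts/release-notes"): {"copy", "include"},
}


def resource_scopes(resource):
    """Yield the resource and each enclosing collection, most specific first.

    Assumption: a permission on a collection also covers its documents.
    """
    parts = resource.split("/")
    for end in range(len(parts), 0, -1):
        yield "/".join(parts[:end])


def granting_roles(user, action, resource):
    """Return the sorted roles of `user` that permit `action` on `resource`."""
    roles = USER_ROLES.get(user, set())  # unknown users hold no roles
    scopes = list(resource_scopes(resource))
    return sorted(
        role
        for role in roles
        if any(action in ROLE_PERMISSIONS.get((role, s), set()) for s in scopes)
    )


def is_allowed(user, action, resource):
    """Deny by default: access needs at least one role that grants the action."""
    return bool(granting_roles(user, action, resource))


if __name__ == "__main__":
    for query in [("alice", "delete", "drafts/release-notes"),
                  ("bob", "delete", "drafts/release-notes"),
                  ("carol", "copy", "drafts/roadmap")]:
        print(*query, "->", is_allowed(*query), granting_roles(*query))
```

Returning the granting roles alongside the decision shows which role assignment to review when a user has more access than expected.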
11.2.3 Audit and logging
Knowing who accessed or updated what records and when they took these actions is
the job of the auditing component of your database. Good auditing systems allow for a
detailed reconstruction and examination of a sequence of events if there are security
breaches or system failures. A key component of auditing is to make sure that the
[Figure 11.9 diagram: User, Role, Permission (read, write), Resource (collection, document). Each user has one or more roles in the database. Roles are associated with one or more permissions. Resources are associated with a permission for each role.]
Figure 11.9 This figure shows a simplified role-based access control (RBAC) model
that associates one or more roles with each user. The roles are then bound to each
resource through a permission code such as read, write, update, delete, and so on. The
RBAC model allows a security policy to be more maintainable when users aren't tied
to particular resources.