Access control to table rows using hierarchy of authority

Authors

  • Михаил Владимирович Коломыцев NTUU "KPI"
  • Светлана Александровна Носок NTUU "KPI"
  • Анастасия Евгеньевна Мазуренко NTUU "KPI"

DOI:

https://doi.org/10.18372/2410-7840.18.10587

Keywords:

database, personal data protection, access control at the row level, trigger, view, information system

Abstract

This article addresses the problem of protecting information in databases. Applications that access databases in an enterprise information system need access control implemented programmatically at the level of individual table rows (Row Level Security) so that the security policy for data access stays flexible. Existing approaches require adding columns to tables and creating program objects that define the row-filtering mechanisms. The article proposes a different approach, in which the rules for granting permissions are kept in a separate table. The method restricts access to data in specific table rows for reading, modifying and deleting. It uses the structural and job hierarchy of users, database objects, and programming templates of access control operations for different DBMSs. The proposed method is implemented as special tables, triggers, views and user-defined functions for the MS SQL Server database management system (DBMS). The goal is to develop a method for controlling access to table rows based on the structural and job hierarchy of users.
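
The approach outlined in the abstract, as an added T-SQL example that is not the authors' implementation: permission rules sit in a separate table, a view filters reads, and a trigger guards modification and deletion. All table, column and object names, the numeric job rank, and the rule that a user reaches rows of their own unit and the units below it are assumptions made for illustration.

```sql
-- Constructed schema: every table, column and object name here is hypothetical.
CREATE TABLE dbo.OrgUnit (UnitId int PRIMARY KEY,
                          ParentId int NULL REFERENCES dbo.OrgUnit(UnitId));
CREATE TABLE dbo.AppUser (LoginName sysname PRIMARY KEY, JobRank int NOT NULL,
                          UnitId int NOT NULL REFERENCES dbo.OrgUnit(UnitId));
-- Permission rules live in their own table, not in the protected table.
CREATE TABLE dbo.RowAccessRule (TableName sysname NOT NULL,
                                Op char(1) NOT NULL CHECK (Op IN ('R','M','D')),
                                MinJobRank int NOT NULL,  -- higher = more senior
                                PRIMARY KEY (TableName, Op));
CREATE TABLE dbo.Person (PersonId int PRIMARY KEY, FullName nvarchar(200) NOT NULL,
                         UnitId int NOT NULL REFERENCES dbo.OrgUnit(UnitId));
GO
-- Units whose rows the caller may touch for @Op: the caller's own unit and
-- everything below it, provided a rule admits the caller's job rank.
CREATE FUNCTION dbo.fn_AllowedUnits (@TableName sysname, @Op char(1))
RETURNS TABLE AS RETURN
WITH Subtree AS (
    SELECT au.UnitId FROM dbo.AppUser au WHERE au.LoginName = SUSER_SNAME()
    UNION ALL
    SELECT c.UnitId FROM dbo.OrgUnit c JOIN Subtree s ON c.ParentId = s.UnitId
)
SELECT s.UnitId FROM Subtree s
WHERE EXISTS (SELECT 1 FROM dbo.RowAccessRule r
              JOIN dbo.AppUser au ON au.LoginName = SUSER_SNAME()
              WHERE r.TableName = @TableName AND r.Op = @Op
                AND au.JobRank >= r.MinJobRank);
GO
-- Reads go through the view; users get rights on the view, not on dbo.Person.
CREATE VIEW dbo.v_Person AS
SELECT p.PersonId, p.FullName, p.UnitId FROM dbo.Person p
WHERE p.UnitId IN (SELECT UnitId FROM dbo.fn_AllowedUnits(N'Person', 'R'));
GO
-- Writes are checked on the base table so they cannot bypass the rules.
CREATE TRIGGER dbo.trg_Person_Guard ON dbo.Person AFTER UPDATE, DELETE AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @Op char(1) =
        CASE WHEN EXISTS (SELECT 1 FROM inserted) THEN 'M' ELSE 'D' END;
    -- Check old and new rows, so a row cannot be moved out of the caller's reach.
    IF EXISTS (SELECT 1 FROM (SELECT UnitId FROM deleted
                              UNION ALL SELECT UnitId FROM inserted) AS x
               WHERE x.UnitId NOT IN
                     (SELECT UnitId FROM dbo.fn_AllowedUnits(N'Person', @Op)))
    BEGIN
        ROLLBACK TRANSACTION;
        THROW 50001, N'Row is outside the caller''s hierarchy.', 1;
    END
END;
```

`GO` is the batch separator used by sqlcmd and SSMS. A cycle in `dbo.OrgUnit` makes the recursive query fail at the default recursion limit, so the hierarchy table itself needs to be writable only by administrators.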

Author Biographies

Михаил Владимирович Коломыцев, NTUU "KPI"

Candidate of Technical Sciences, associate professor at the Physico-Technical Institute of the NTUU "KPI".

Светлана Александровна Носок, NTUU "KPI"

Candidate of Technical Sciences, associate professor at the Physico-Technical Institute of the NTUU "KPI".

Анастасия Евгеньевна Мазуренко, NTUU "KPI"

Student at the Physico-Technical Institute of the NTUU "KPI".

Published

2016-05-30

Section

Articles