Access control to table rows using hierarchy of authority
DOI:
https://doi.org/10.18372/2410-7840.18.10587
Keywords:
database, personal data protection, access control at the row level, trigger, view, information system
Abstract
The article addresses the problem of protecting information in databases. Applications that access databases in an enterprise information system need access control programmed at the level of individual table rows (Row Level Security) so that the security policy for data access stays flexible. Existing approaches require additional columns in the tables and program objects that define the row-filtering mechanisms. The article proposes a different approach, in which the rules for granting permissions are kept in a separate table. The method restricts access to the data in specific rows of a table for reading, modifying and deleting. It uses the structural and job hierarchy of users, database objects, and programming templates of operations for access control in different DBMSs. The proposed method is implemented as special tables, triggers, views and user-defined functions for the MS SQL Server database management system (DBMS). The goal is to develop a method for controlling access to table rows based on the structural and job hierarchy of users.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).