Database Security and Access Control

Questions and Answers

What is the primary purpose of a database audit?

  • To revoke privileges from users
  • To optimize database performance
  • To implement encryption standards
  • To examine all accesses and operations applied to the database (correct)

What is another term for a database log used mainly for security purposes?

  • Audit Trail (correct)
  • Access Control List
  • Security Log
  • Privilege Matrix

At what level can the DBA control the privilege to access each individual relation or view?

  • Relation Level (correct)
  • Account Level
  • Schema Level
  • View Level

What privilege allows the creation of a schema or base relation?

    CREATE SCHEMA privilege

    What is the purpose of Discretionary Access Control?

    To grant and revoke privileges

    What type of privileges apply to the capabilities provided to the account itself?

    Account Level Privileges

    What privilege allows the deletion of relations or views?

    DROP privilege

    What is the term for reviewing the log to examine all accesses and operations applied to the database?

    Database Audit

    What privilege allows the insertion, deletion, or updating of tuples?

    MODIFY privilege

    At what level can the DBA specify the particular privileges that each account holds?

    Account Level

    Study Notes

    Access Control in Database Systems

    • Discretionary access control techniques are used to grant and revoke privileges on relations in relational database systems.
    • This is an all-or-nothing method, where a user either has or does not have a certain privilege.

    Mandatory Access Control

    • Mandatory access control classifies data and users based on security classes, such as top secret (TS), secret (S), confidential (C), and unclassified (U).
    • The Bell-LaPadula model is a commonly used model for multilevel security, which classifies each subject (user, account, program) and object (relation, tuple, column, view, operation) into one of the security classifications.

    Restrictions on Data Access

    • Two restrictions are enforced on data access based on the subject/object classifications:
      • Simple security property: A subject S is not allowed read access to an object O unless class(S) ≥ class(O).
      • Star property (*-property): A subject S is not allowed to write an object O unless class(S) ≤ class(O).

    Role-Based Access Control

    • Role-based access control (RBAC) emerged in the 1990s as a proven technology for managing and enforcing security in large-scale enterprise-wide systems.
    • In RBAC, permissions are associated with roles, and users are assigned to appropriate roles.
    • Roles can be created using the CREATE ROLE and DESTROY ROLE commands, and privileges can be assigned to and revoked from roles using the GRANT and REVOKE commands.

    Advantages of RBAC

    • RBAC ensures that only authorized users are given access to certain data or resources.
    • Role hierarchy in RBAC is a natural way of organizing roles to reflect the organization's lines of authority and responsibility.
    • RBAC is a viable alternative to traditional discretionary and mandatory access controls.

    Temporal Constraints in RBAC

    • Temporal constraints may exist on roles, such as time and duration of role activations, and timed triggering of a role by an activation of another role.

    Access Control Policies for E-Commerce and the Web

    • E-Commerce environments require elaborate policies that go beyond traditional DBMSs.

    Database Audits

    • A database audit consists of reviewing the log to examine all accesses and operations applied to the database during a certain time period.
    • A database log used mainly for security purposes is sometimes called an audit trail.

    Discretionary Access Control

    • The typical method of enforcing discretionary access control in a database system is based on the granting and revoking of privileges.
    • Discretionary access control can be applied at two levels: the account level and the relation level.

    Types of Discretionary Privileges

    • At the account level, privileges can include:
      • CREATE SCHEMA or CREATE TABLE privilege
      • CREATE VIEW privilege
      • ALTER privilege
      • DROP privilege
      • MODIFY privilege
      • SELECT privilege
    • At the relation level, privileges can include:
      • Privileges to access individual relations or views in the database.


    Quiz Team

    Description

    This quiz covers database security concepts, including horizontal and vertical propagation of privileges, mandatory access control, and role-based access control for multilevel security.
