36 Questions
What is a BYTE?
A combination of BITS representing a CHARACTER
What does a KEY FIELD do?
Uniquely identifies a RECORD for retrieval, updating, and sorting
What is the purpose of access control?
To ensure all direct accesses to objects are authorized
What is the definition of a DATABASE?
An organization’s electronic library of FILES organized to serve business applications
What does a FIELD represent?
A collection of BYTES representing a DATUM or Fact
What is the purpose of Information flow control?
To regulate what users can do with the accessed data
In SQL, what command is used for canceling privileges?
REVOKE command
How can a DBA give specific privileges to a user in SQL?
By issuing a GRANT command
What is the purpose of creating views in SQL for managing privileges?
To limit the capabilities of a user and grant with the ability to propagate the privilege
What does Role-Based Access Control (RBAC) in SQL associate permissions with?
Roles
What is involved in Mandatory Access Control (MAC) in database security?
Security labels, objects, subjects, and dominance
What can be targeted when granting UPDATE or INSERT privileges in SQL?
Specific attributes
What does RBAC stand for?
Role-Based Access Control
What is the main advantage of RBAC over DAC and MAC models?
Simplifies administration by reducing the number of relationships to manage
What are the components of the RBAC framework?
Core RBAC, Hierarchical RBAC, Static Separation of Duty Relations, and Dynamic Separation of Duty Relations
What are the objects in RBAC that can be subject to access control?
Files, printers, terminals, and database records
What is the primary principle on which RBAC is engineered?
Least privilege
Which of the following is an extension of RBAC models?
ARBAC, CBRAC, dRBAC, ERBAC, fRBAC, GRBAC, HRBAC, IRBAC, JRBAC, LRBAC, MRBAC, PRBAC, QRBAC, RRBAC, SRBAC, TRBAC, V, W, and x
In RBAC, what does the notation r1 r2 signify?
User inheritance
What are the static relations defined in RBAC?
Permission Assignment and User Assignment
What does RBAC2 include in addition to RBAC0?
Constraints
What do limited hierarchies represent in RBAC?
Organizational structures
What is the purpose of role hierarchy in RBAC?
Defining user membership and privilege inheritance
What is the semantics of role hierarchies in RBAC?
Permission inheritance
What is the primary function of a subject in the context of database security?
Requesting access to an object
What is the main challenge associated with Discretionary Access Control (DAC)?
Propagation of access rights
What is a potential issue with using Stored Procedures for access control?
Programs may access unauthorized resources
What is the primary role of an Access Control List (ACL) in database security?
Specifying access rights for users or subjects
What is the purpose of the Capability List in the context of database security?
Specifying the access rights of subjects to objects
What is the main responsibility of the owner of a relation in database security?
Granting and revoking privileges on the relation
What is the purpose of Discretionary Access Control (DAC) in database security?
Defining access rights for each subject to objects, and can be granted and revoked
What is the main advantage of Role-Based Access Control (RBAC) over Discretionary Access Control (DAC)?
Enabling management of access rights based on roles rather than individual subjects
How can Access Control Lists (ACL) contribute to the implementation of Discretionary Access Control (DAC)?
By specifying the access rights of each subject for specific objects
What is the purpose of security through views in database access control?
Assigning rights to access predefined views, which can be difficult to maintain
What is the primary purpose of stored procedures in database security?
Assigning rights to execute compiled programs, which may access unauthorized resources
What is the primary purpose of grant and revoke operations in database security?
Allowing granting and revoking of privileges at different levels, such as account level and relation level
Study Notes
Role-Based Access Control (RBAC) Overview
- RBAC is a natural way of managing access control based on roles, job functions, and permissions within organizations.
- It addresses key security requirements of Web-based applications, offering a desirable solution compared to DAC and MAC models.
- RBAC assigns access to objects based on user roles, defined by job functions, and associated permissions.
- It simplifies administration by reducing the number of relationships to manage and makes revocation/change of permissions easier.
- RBAC is used in database management systems, security management, network operating systems, and is an official standard since 2004.
- RBAC includes components such as core RBAC, hierarchical RBAC, Static Separation of Duty (SSD) relations, and Dynamic Separation of Duty (DSD) relations.
- Objects in RBAC can be any system resource subject to access control, such as files, printers, terminals, and database records.
- Roles in RBAC are job functions within an organization with associated authority and responsibility conferred on the user assigned to the role.
- RBAC framework components include Core RBAC, Hierarchical RBAC, Static Separation of Duty Relations, and Dynamic Separation of Duty Relations.
- Role hierarchy, role activation, and temporal constraints are important considerations in RBAC systems.
- RBAC models include various extensions such as ARBAC, CBRAC, dRBAC, ERBAC, fRBAC, GRBAC, HRBAC, IRBAC, JRBAC, LRBAC, MRBAC, PRBAC, QRBAC, RRBAC, SRBAC, TRBAC, V, W, and x.
- RBAC is engineered based on the principle of least privilege, assigning users to roles, permissions to roles, and organizing roles into a hierarchy.
Database Security and Access Control
- Access control involves subjects (active entities) requesting access to objects (passive entities)
- Access rights define how a subject is allowed to access an object, such as read or write privileges
- Different levels of granularity for access control include relation-level, tuple-level, attribute-level, and cell-level
- Access control policies include Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC)
- DAC involves defining access rights for each subject to objects, and can be granted and revoked
- Implementation of DAC can be done through Access Control Lists (ACL) or Capability Lists
- Access control mechanisms include security through views, stored procedures, and grant and revoke operations
- Security through views involves assigning rights to access predefined views, which can be difficult to maintain
- Stored procedures involve assigning rights to execute compiled programs, which may access unauthorized resources
- Grant and revoke operations allow granting and revoking of privileges at different levels, such as account level and relation level
- Types of discretionary privileges include account level and relation level, with specific privileges like CREATE, MODIFY, and SELECT
- Privileges at the relation level can be granted, revoked, and controlled by the owner account holder
Test your knowledge of Role-Based Access Control (RBAC) with this quiz. Explore the key principles, components, and applications of RBAC, as well as its role in managing access control within organizations.