Question

2. Why is providing access control security mechanisms harder in database systems? (5 points)

Answer 1

Reasons for why it is difficult to implement access control security mechanisms in database:

Role Explosion: Due to the increasing number of employees in the organization, the Database administrator keeps on creating new roles in the system to encapsulate the permissions to that specific role, which helps them performing an action or operation on an object/entity of the database. Managing all these roles becomes cumbersome task for the admin.

Coarse-grained: Traditional access control systems are coarse-grained i.e they can't adapt to very specific situations and problems while the user is accessing the data. for example A doctor has been granted the right to "view medical record" . This means the doctor has the right to view all the medical records including his own records which might not be intended by the DBA. Some access control mechanisms also tend to avoid the meta data of the document. for ex. in this case, medical record owner.

Static: Access control systems are usually static in nature which means that they don't use the contextual information(someone,somewhere) i.e time, user location, device type

Auditing and Access Reviews: Auditing and access reviews are error-prone and lengthy in some access control mechanisms.

Defining roles and policies: A lot of time and efforts are invested in the identification of the access roles that are relevant to make authorization decisions and derive polices from them.

Thanks!

Upvote if it helped!