The typical method of enforcing “discretionary access control” in a database system is based on the granting and revoking of privileges. These are used to grant privileges to users, including the capability to access specify data files, records or fields in a specified mode.
Types of discretionary privileges:
In DBMS there are two levels for assigning privileges to use the database system:-
The Account Level:-At this level, the DBA specify the particular privilege that each account holds independently of the relations in the database
The Relation (table ) level:- At this level the DBA can control the privilege to access each individual relation or view in the database. The privilege at the account level apply to the capabilities provided to the account itself and can include the create scamp or create table privilege, to create a schema changes such as adding or removing attributes from relation, the drop privilege to delete relations or views, the modify privilege, to insert delete or update tuples, and the select privilege, to retrieve information from the database by using a select query
Role based access control:-Role based access control (rbac), emerged rapidly in the 1990’s as a proven technology for managing and enforcing security in Large –scale enterprise wide systems. Its basic notion is that permissions are associated with roles, and users are assigned to appropriate roles. Roles can be created using the cerate role and destroy role commands. The grant and revoke command are used to assign and revoke privileges from roles.
Rbac appears to be a viable alternative to traditional discretionary and mandatory access controls. It ensures that only authorized users are given access to certain data or resources, users create sessions during which they may activate a subset of roles to which they belong. Each it maps to only one user or a single subjects.