Access Control

After a user is authenticated and logon to a system, its access to resources on a computer or network system are controlled by access control modules.

Discretionary Access Control(DAC)
In a DAC model, a subject has complete control over the objects that it owns and the programs that it executes. Owner associates each of its objects with an access control list (ACL), containing a list of users and their level of access to this object. DAC is based on the owner's granting and revoking of privileges. Access to an resource is denied by default unless explicitly authorized. Most of today's OS are using DAC model.

The key weakness of DAC is that it suffers from Trojan horse attacks.

Mandatory Access Control(MAC)
MAC is the most strict of all levels of control. The MAC model targeted for systems in which confidentiality has the highest priority, such as military or government agencies. In a MAC enforced system, both subjects and objects will get assigned clearance levels(security labels). The administrator takes control of security label defintion and assignment. Access to objects are constrained by policies on the security clearance, which are also defined by administrator. The general access rule is no read up, no write down following the Bell-Lapadula Model, but it's also possible to exptend and define dedicate rules depending on the practical security requirements. MAC is fine-grained and can provide row or column level access control.

Often seen as the most secure access control environment, MAC also requires extra effort in pre-planning in order to be effectively and securely implemented. It also calls for continuous system management overhead to control new users, objects, and changes of security label defintions.

Oracle 9i has implemented label security to meet the MAC requirements and provide row level access control, and hierarchy labels are coded as numeric values. DB2 also provides LBAC to provide MAC for both row and column. The security label is composed of one or more security label components of three types: arrays(hierarchy), sets and trees.

Role Based Access Control (RBAC)
In a RBAC system, user also doesn't have discretionary access to objects. Instead, administrator create roles with a collection of permissions for different job functions or responsibilities. Each user will be assigned to one or more roles, and delegated all the privileges associated with that role. RBAC greatly simplifies the management of individual user rights and authorizations.

Many database systems have some implementation of RBAC, including Teradata, Oracle, DB2, SQL Server.