Published: October 9, 1998
Author(s)
Ramaswamy Chandramouli (NIST), Ravi Sandhu (GMU)
Conference
Name: 21st National Information Systems Security Conference (NISSC '98)
Dates: 10/06/1998 - 10/09/1998
Location: Crystal City, Virginia, United States
Citation: Proceedings of the 21st National Information Systems Security Conference (NISSC '98),
This paper analyzes and compares role-based access control (RBAC) features supported in the most recent versions of three popular commercial database management systems: Informix Online Dynamic Server Version 7.2, Oracle Enterprise Server Version 8.0 and Sybase Adaptive Server Release 11.5. We categorize RBAC features under three broad areas: user role assignment, support for role relationships and constraints, and assignable privileges. Our finding is that these products provide a sound basis for implementing the basic features of RBAC, although there are significant differences. In particular, Informix restricts users to a single active role at any time, while Oracle and Sybase allow multiple roles to be activated simultaneously as per the user's selection. All three provide support for role hierarchies, but Sybase is the only one to directly support mutual exclusion of roles.
This paper analyzes and compares role-based access control (RBAC) features supported in the most recent versions of three popular commercial database management systems: Informix Online Dynamic Server Version 7.2, Oracle Enterprise Server Version 8.0 and Sybase Adaptive Server Release 11.5. We...
See full abstract
This paper analyzes and compares role-based access control (RBAC) features supported in the most recent versions of three popular commercial database management systems: Informix Online Dynamic Server Version 7.2, Oracle Enterprise Server Version 8.0 and Sybase Adaptive Server Release 11.5. We categorize RBAC features under three broad areas: user role assignment, support for role relationships and constraints, and assignable privileges. Our finding is that these products provide a sound basis for implementing the basic features of RBAC, although there are significant differences. In particular, Informix restricts users to a single active role at any time, while Oracle and Sybase allow multiple roles to be activated simultaneously as per the user's selection. All three provide support for role hierarchies, but Sybase is the only one to directly support mutual exclusion of roles.
Hide full abstract
Keywords
access control; database management systems; DBMS; RBAC; Role-Based Access Control
Control Families
None selected
