The Design Of A Database Access Control System Based On Role

With the development and prevalence of computer information system, database------asstorage for a lot of important data, is more and more popular in the application of government and enterprises. It becomes an important resource for the governments and the enterprises to work efficiently. So the security of the database becomes more and more important, and it is regarded seriously by many countries. As a result, many countries all over the world take a lot of money to research the products of secure database. Developed countries such as Europe and US have got their secure database products, and sell to the world market, but these products are restricted to export to our country. We have got our own products of secure database, but because of the lateness of development, it is used at a very low rate. On the other hand, the products of insecure database from foreign countries have been used at large in our country, so it is impossible that all the products are replaced by our own secure database. As a result, the problem of database security in our country is serious, to solve the security problem on the application layer become a reasonable method.In this thesis, I have proposed a system scheme that performs database access control based on role according to the popular SQL Server DBMS. The scheme embedded the access control function into an access agent program of the server to control user's access to database resource with a high degree of granularity. The system consists of the privilege management subsystem and the access agent subsystem. In order to achieve privilege management based on role, the system setups several simple privilege information table that provide the condition of access control based on role. To achieve the access control with a high degree of granularity, the system introduces the selection condition to control the records and puts forward the field access control mask to implement the access control to field, and constructs the privilege of user of dynamic view and adds the view in the back of the access request sentence to limit the access request of users. It makes the procedure of access control be simpler, more flexible and more effective.