Bouncer: Policy-Based Fine Grained Access Control in Large Databases
Current access control solutions in databases are based on tables and views. While view access control approach is flexible, it does not scale when the number of users (and therefore necessary views) is large. Consequently, most applications are forced to perform access control enforcement in the application code instead of the database. This approach has numerous disadvantages. The authors present a novel approach for fine-grained access control in large databases. Their solution combines relational databases with trust management techniques. Trust management systems such as KeyNote and CPOL can be used to evaluate policy rules to determine whether a given query can be performed and which parts of the resulting data can be presented to the user.