Role-Based Access Control for Loosely Coupled Distributed Database Management Systems

摘要

Much of the work to date to apply Role-Based Access Control (RBAC) to database management systems has focused on single database systems or an integrated distributed database system. For situations where the need exists to consolidate multiple independent databases, and where the direct integration of the databases is neither practical nor desirable, the application of RBAC requires that policy be enforced via a method that is distinct from the databases. The method must provide for the verification of the RBAC policy, while allowing for the independence of the various databases on which the policy is enforced. This paper proposes a model for an application that provides for a web-based interface for users to be granted access to data held in various independent databases. The application enforces a strict RBAC policy on a well- defined set of accesses, while alleviating the need for users to have a separate account on each of the databases.