Advanced Role-Based Access Control Mechanisms in Oracle Databases
DOI:
https://doi.org/10.63282/3050-9416.IJAIBDCMS-V5I3P103Keywords:
Role-Based Access Control, Oracle Databases, Database Security, Fine-Grained Access Control, Privilege ManagementAbstract
RBAC is now the standard framework that guards contemporary databases since it offers structured and efficient ways of managing access to this valuable data. Since permission is tied to roles instead of individuals, RBAC allows organizations to have tighter control on their access policies and due to that provides better scalability. Oracle Databases are known for their strong and business level functionalities in RBAC including additional features of Fine-Grained Access Control (FGAC), Virtual Private Database (VPD), and context-sensitive role activation. Tomorrow’s mechanisms will enable businesses to enact sophisticated, and time-sensitive, access policies, as well as respond effectively to a plethora of legal and infrastructural challenges and objectives.
The focus of this paper is to explore and discuss on the advanced RBAC mechanisms used in Oracle Databases as far as system architecture, implementation and impact on performance is concerned. It also clarifies to what extent the proposed mechanisms can be applied in practical situations and what advantages and difficulties are expected during their implementation through the use of experimental validation. Specific comparisons with different kinds of database systems with real world tips that will help DBAs and security architects get the most out of RBAC configurations. Finally, it is the intention of this study to fill the existing literature and practical divide in the Realms of advanced RBAC applications to empower the stakeholders with the requisite tools and knowledge to enable provision of sound, secure and scalable database security solution with compliance
References
1. Sandhu, R. S. (1998). Role-based access control. In Advances in computers (Vol. 46, pp. 237-286). Elsevier.
2. Bertino, E., & Sandhu, R. (2005). Database security-concepts, approaches, and challenges. IEEE Transactions on Dependable and secure computing, 2(1), 2-19.
3. Kuhn, R., Coyne, E., & Weil, T. (2010). Adding attributes to role-based access control.
4. Chen, L., & Crampton, J. (2012). Risk-aware role-based access control. In Security and Trust Management: 7th International Workshop, STM 2011, Copenhagen, Denmark, June 27-28, 2011, Revised Selected Papers 7 (pp. 140-156). Springer Berlin Heidelberg.
5. Crampton, J., & Khambhammettu, H. (2008). Delegation in role-based access control. International Journal of Information Security, 7, 123-136.
6. Role-Based Access Control (Overview), Oracle, online. https://docs.oracle.com/cd/E26502_01/html/E29015/rbac-1.html
7. Jaidi, F., & Ayachi, F. L. (2015, January). The problem of integrity in RBAC-based policies within relational databases: synthesis and problem study. In Proceedings of the 9th International Conference on Ubiquitous Information Management and Communication (pp. 1-8).
8. Laverdière, M. A., Julien, K., & Merlo, E. (2021). RBAC protection-impacting changes identification: A case study of the security evolution of two PHP applications. Information and Software Technology, 139, 106630.
9. Configuring Advanced Role-based Access Control, Oracle, online. https://docs.oracle.com/cd/E28280_01/admin.1111/e16580/rbac.htm
10. Chimpiri, T. R. (2024). Enhancing Cloud Security with Oracle Cloud Security Applications. European Journal of Business Startups And Open Society, 4(5), 16-21.
11. Greenwald, R., Stackowiak, R., & Stern, J. (2013). Oracle essentials: Oracle database 12c. " O'Reilly Media, Inc.".
12. Ray, L., & Felch, H. (2017). Detecting advanced persistent threats in oracle databases: Methods and techniques. In Strategic Information Systems and Technologies in Modern Organizations (pp. 71-89). IGI Global.
13. Configure Role-Based Access Control (RBAC), Oracle. online. https://docs.oracle.com/cd/E65459_01/admin.1112/e65449/content/general_rbac.html - Image.1
14. Bakar, A. A., Ismail, R., & Jais, J. (2009, July). A review on extended role based access control (E-RBAC) model in pervasive computing environment. In 2009 First International Conference on Networked Digital Technologies (pp. 533-535). IEEE.
15. Khan, J. A. (2024). Role-Based access Control (RBAC) and Attribute-Based Access Control (ABAC). In Improving Security, Privacy, and Trust in Cloud Computing (pp. 113-126). IGI Global.
16. Introducing Oracle Database Real Application Security, Real Application Security Administrator's and Developer's Guide, https://docs.oracle.com/en/database/oracle/oracle-database/21/dbfsg/indroducing-oracle-database-real-application-security.html#GUID-4CA063EE-9405-439A-AAA1-5919E3C1470B
17. Neumann, G., & Strembeck, M. (2003, June). An approach to engineer and enforce context constraints in an RBAC environment. In Proceedings of the eighth ACM symposium on Access control models and technologies (pp. 65-79).
18. Bellettini, C., Bertino, E., & Ferrari, E. (2001). Role based access control models. Information security technical report, 6(2), 21-29.
19. Overview of Role-Based Access Control, Securing Sales and Fusion Service, online. https://docs.oracle.com/en/cloud/saas/sales/oscus/overview-of-role-based-access-control.html
20. Chen, H. C. (2019). Collaboration IoT-based RBAC with trust evaluation algorithm model for massive IoT integrated application. Mobile Networks and Applications, 24(3), 839-852.
21. Koch, M., Mancini, L. V., & Parisi-Presicce, F. (2002). A graph-based formalism for RBAC. ACM Transactions on Information and System Security (TISSEC), 5(3), 332-365.
22. R. Daruvuri and K. Patibandla, "Enhancing data security and privacy in edge computing: A comprehensive review of key technologies and future directions," International Journal of Research in Electronics and Computer Engineering, vol. 11, no. 1, pp. 77-88, 2023.
