Professional Documents
Culture Documents
UNIT 5 Part 3
UNIT 5 Part 3
Security of databases refers to the array of controls, tools, and procedures designed to ensure and
safeguard confidentiality, integrity, and accessibility.
Security for databases must cover and safeguard the following aspects:
DAC is identity-based access control. DAC mechanisms will be controlled by user identification
such as username and password. DAC is discretionary because the owners can transfer objects or
any authenticated information to other users. In simple words, the owner can determine the
access privileges.
Attributes of DAC –
1. Users can transfer their object ownership to another user.
2. The access type of other users can be determined by the user.
3. Authorization failure can restrict the user access after several failed attempts.
4. Unauthorized users will be blind to object characteristics called file size, directory path,
and file name.
The operating system in MAC will provide access to the user based on their identities and data.
For gaining access, the user has to submit their personal information. It is very secure because
the rules and restrictions are imposed by the admin and will be strictly followed. MAC settings
and policy management will be established in a secure network and are limited to system
administrators.
Attributes of MAC –
1. MAC policies can help to reduce system errors.
2. It has tighter security because only the administrator can access or alter controls.
3. MAC has an enforced operating system that can label and delineate incoming application data.
4. Maintenance will be difficult because only the administrator can have access to the database.
Examples- Access level of windows for ordinary users, admins, and guests are some of the
examples of MAC.
DAC MAC
DAC stands for Discretionary Access MAC stands for Mandatory Access
Control. Control.
In DAC, the owner can determine the In MAC, the system only determines the
access and privileges and can restrict access and the resources will be
the resources based on the identity of restricted based on the clearance of the
the users. subjects.
Users will be provided access based on Users will be restricted based on their
DAC MAC
their identity and not using levels. power and level of hierarchy.
DAC has high flexibility with no rules MAC is not flexible as it contains lots of
and regulations. strict rules and regulations.
DAC has complete trust in users. MAC has trust only in administrators.
Decisions will be based only on user ID Decisions will be based on objects and
and ownership. tasks, and they can have their own ids.