Roles in Database Security
Separation of duties states that no single user should be given enough privileges to misuse a system on their own. Roles establish separation of duties by breaking user privileges down to what each job duty requires. A role is a named group of individual privileges that corresponds to a user's job responsibilities. For example, a role named “order entry” could contain just the specific privileges, such as INSERT, needed by someone who enters orders into the order database tables.
Roles are part of a tiered security model with three levels: login security to connect to the server, database security to gain access to a database, and control of access to individual database objects and data. First, the user must log in to the server by entering a password. Once connected to the server, access to the stored databases is determined by user accounts. After gaining access to a database, the user is restricted to the data he or she is allowed to view and modify. The main benefit of roles is efficient management of user access. Consider a large organization with thousands of users: it would be very inefficient to grant individual privileges to each user. Additionally, in an environment such as Active Directory (AD), Windows security can be used to assign specific roles to user groups. Roles give you the ability to assign a given set of access privileges to a group. Any permission change, whether privileges are added, deleted or otherwise altered, needs to be made only to the role, and each user assigned that role has their privileges modified accordingly (Harkins, 2004).
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users. Access is the ability of a user to perform a specific task. Roles are defined according to job competency, authority, and responsibility within the enterprise. RBAC enables users to carry out a wide range of authorized tasks by regulating their access according to functions, relationships, and constraints. This is in contrast to conventional methods of access control, which grant or revoke user access on an object-by-object basis (Search Security Web, n.d.).
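The following T-SQL script is an added worked example, not code from the page or from the cited articles. It walks through the three tiers described above (login, database, object access) and the RBAC point that privileges are granted to a role rather than object-by-object to each user. The database name OrdersDb, the tables dbo.Orders and dbo.Customers, the role name order_entry, the login order_clerk_a and the Windows group CORP\OrderEntryClerks are all assumed names for illustration.

```sql
-- Added example (assumed names throughout): SQL Server roles across the three tiers.

-- Tier 1: login security. A principal must authenticate to the server before anything else.
-- A SQL-authenticated login and a Windows (Active Directory) group login are both shown.
CREATE LOGIN order_clerk_a WITH PASSWORD = '<strong password placeholder>';
CREATE LOGIN [CORP\OrderEntryClerks] FROM WINDOWS;

-- Tier 2: database security. A login gets access to a specific database only through a user mapping.
USE OrdersDb;
CREATE USER order_clerk_a FOR LOGIN order_clerk_a;
CREATE USER [CORP\OrderEntryClerks] FOR LOGIN [CORP\OrderEntryClerks];

-- Tier 3: object access. Privileges are attached to a role that mirrors the job duty,
-- never to individual users. The "order entry" duty needs INSERT on orders and
-- read-only access to customers; it gets no UPDATE or DELETE, which keeps
-- separation of duties (entering orders is a different duty from correcting or removing them).
CREATE ROLE order_entry;
GRANT INSERT ON dbo.Orders TO order_entry;
GRANT SELECT ON dbo.Customers TO order_entry;

-- Membership ties people to the duty. Adding the AD group means new clerks
-- inherit the role through Windows group membership with no per-user grants.
ALTER ROLE order_entry ADD MEMBER order_clerk_a;
ALTER ROLE order_entry ADD MEMBER [CORP\OrderEntryClerks];

-- When the duty changes, the change is made once against the role and every
-- member picks it up; no per-user revocation or re-grant is needed.
REVOKE INSERT ON dbo.Orders FROM order_entry;
GRANT INSERT, UPDATE ON dbo.Orders TO order_entry;

-- Check 1: which permissions the role currently holds, and on which objects.
SELECT pr.name AS role_name,
       pe.permission_name,
       pe.state_desc,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_principals pr
JOIN sys.database_permissions pe ON pe.grantee_principal_id = pr.principal_id
WHERE pr.name = 'order_entry';

-- Check 2: who is a member of the role (users and Windows groups alike).
SELECT r.name AS role_name,
       m.name AS member_name,
       m.type_desc AS member_type
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'order_entry';
```

The two catalog queries at the end are the review step a practitioner wants after any privilege change: the first shows exactly what the role can do, the second shows exactly who can do it. Because every clerk reaches dbo.Orders only through order_entry, auditing the role answers both questions at once, which is the management benefit the text attributes to roles.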
Harkins, S. (2004, October 1). Understanding roles in SQL Server security. Retrieved August 18, 2015, from http://www.techrepublic.com/article/understanding-roles-in-sql-server-security/1061781/
Search Security Web. (n.d.). What is role-based access control (RBAC)? – Definition from WhatIs.com. Retrieved August 20, 2015, from http://searchsecurity.techtarget.com/definition/role-based-access-control-RBAC