Database Security and Authorization: Notion of Roles (Grouping of Users)

DBA gives different rights to different users. Suppose there are many users having same access rights. Then, it is beneficial to group these users and give authorization (rights) to this particular group. If some new user join the company, then it will be added to any group.

Ex. Consider an ABC software  company as shown in Figure  9.6.

The DBA makes three different groups (roles) of users :

  1. Marketing
  2. Software Development
  3. Software Testing.

The DBA gives rights or authorization to these groups but not to individual users. After that users are added to these different groups. When a user is added to any group, then automatically authorizations given to that  group will be granted to  that user.

Advantages : The advantages of notion of roles are:

  1. Ease the work of DBA.
  2. Resources can be optimized.

Disadvantage : The disadvantages of notion of roles are:

  1. It would not be possible to identify which transaction is carried out by which user. This will lead to security risks.

Source: Gupta Satinder Bal, Mittal Aditya (2017), Introduction to Basic Database Management System, 2nd Edition-University Science Press (2017)

Leave a Reply

Your email address will not be published. Required fields are marked *