Resumen

CLAVADETSCHER, Charles. Multi Dimensional Access Control In PostgreSQL. Rev cuba cienc informat [online]. 2017, vol.11, n.4, pp.12-22. ISSN 2227-1899.

A database contains the information required to support all the business processes of a company, independently of its personnel structure. Therefore you will have, e.g. sales catalogues, product descriptions, accounting information, lists of employees, etc. Obviously not all employees are supposed to have access to all data, thus posing the question on how to manage their access to them in a secure way. This selection process is called authorization and is available in all database systems. In PostgreSQL, access control is organized around roles. The classic authorization system is vertical. This means that it allows to choose which tables or columns thereof are accessible to a user. Since version 9.5, PostgreSQL introduced the possibility of a horizontal access control. This type of access (row level security) allows to choose based on a configurable set of crieteria which rows are visible, and therefore modifiable, by a user. The combination of vertical and horizontal access control techniques enables a granularity in the configuration that, in the past, could only be achieved through workarounds difficult to maintain and, therefore, insecure.

Palabras clave : PostgreSQL; databases; security; authorization; access control; row level security.

        · resumen en Español     · texto en Español     · Español ( pdf )