Access Control Mechanisms for Database Security: SSCP Exam Answer

Role-Based Access Control (RBAC) Implementation


Question

A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments.

A database security mechanism that enforces this policy would typically be said to provide which of the following?

Answers

A. Content-dependent access control
B. Context-dependent access control
C. Least privilege access control
D. Ownership-based access control

Explanations

A. Content-dependent access control is correct.

When an access decision is based on the content of the object being accessed, the control is said to be content dependent. Here the decision depends on a value stored in each salary record (the employee's department): the manager may read a record only if its department field matches his or her own. A DBMS typically enforces such a policy with a view or row-level policy whose predicate references that column.

The following answers are incorrect:

Context-dependent access control is incorrect because this type of control is based on the context of the request (facts such as the time of day, the location the request comes from, or the sequence of prior queries) rather than on what the object contains.

Least privilege access control is incorrect because it is a principle of granting only the rights needed to perform a job; it says nothing about deciding access from the values stored in the database.

Ownership-based access control is incorrect because access is decided by who owns the data, not by what the data contains.

References: OIG CBK Access Control (page 191)

The correct answer to this question is "A. Content-dependent access control."

Access control is a security mechanism that determines who is allowed to access specific resources or data in a system. The four options name different bases on which that decision can be made: content-dependent access control, context-dependent access control, least privilege, and ownership-based access control.

Content-dependent access control decides each request by examining the data in the object itself. In a database this means the value of one or more columns of the row being requested: a view or row-level security policy with a predicate such as "department equals the requester's department" returns only the rows whose content satisfies it, so the same SELECT yields different rows for different managers.

Context-dependent access control, on the other hand, decides by examining the circumstances of the request rather than the requested data: the time of day, the network location or terminal the request comes from, or the sequence of queries that preceded it (a classic use is limiting repeated aggregate queries that would otherwise let a user infer individual salaries). The user's identity is an input to every access control model, so identity alone does not make a control context dependent.

Least privilege is a principle that requires that users be granted the minimum level of access necessary to perform their tasks, in order to limit the damage caused by a breach or by human error. It guides how rights are assigned but does not describe the mechanism by which a specific row is allowed or denied.

Ownership-based access control grants access based on who owns the resource being accessed. For example, an employee may read certain files because he or she created, and therefore owns, those files.

In the scenario described in the question, the department manager can read the salary of an employee only when that employee's record carries the manager's own department. The decision turns on a value stored in the data itself, so the mechanism is content-dependent access control (answer A), not context-dependent access control.
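The distinction between the two explanations above is easier to see in running code. The following is an added example written for this page, not code from the exam source or the referenced CBK. It builds an in-memory SQLite database with constructed employees, managers and departments, enforces the question's policy with a view whose predicate reads the department column of each salary row (content-dependent), and adds a separate, assumed business-hours rule that looks only at when the request was made (context-dependent). The `session` table stands in for the DBMS session variable a real deployment would use to identify the caller.

```python
"""Content-dependent vs. context-dependent access control on a salary table.

Added illustration for this exam question; it is not code from the source.
The employees, managers and department names below are constructed.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create the schema, constructed sample data and the enforcing view."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE employees (
            emp_id     INTEGER PRIMARY KEY,
            name       TEXT NOT NULL,
            department TEXT NOT NULL,
            salary     INTEGER NOT NULL
        );
        CREATE TABLE managers (
            username   TEXT PRIMARY KEY,
            department TEXT NOT NULL
        );
        -- Identity of the caller on this connection, set by the application
        -- after authentication. Stands in for a DBMS session variable.
        CREATE TABLE session (username TEXT NOT NULL);

        -- Constructed sample data, not real payroll records.
        INSERT INTO employees VALUES
            (1, 'Alice', 'Engineering', 120000),
            (2, 'Bob',   'Engineering',  95000),
            (3, 'Carol', 'Sales',        80000),
            (4, 'Dave',  'Sales',        70000);
        INSERT INTO managers VALUES
            ('eng_mgr',   'Engineering'),
            ('sales_mgr', 'Sales');

        -- Content-dependent access control: the predicate compares a column
        -- of the protected row (employees.department) with the caller's
        -- department. Rows whose content does not match are never returned.
        -- In a production DBMS the manager's account would be granted SELECT
        -- on this view only, never on the employees base table.
        CREATE VIEW my_department_salaries AS
            SELECT e.emp_id, e.name, e.department, e.salary
            FROM employees e
            JOIN managers m ON m.department = e.department
            JOIN session  s ON s.username   = m.username;
        """
    )
    return conn


def read_salaries(conn: sqlite3.Connection, username: str) -> list:
    """Read salaries as `username`, going through the view only."""
    conn.execute("DELETE FROM session")
    conn.execute("INSERT INTO session VALUES (?)", (username,))
    return conn.execute(
        "SELECT name, department, salary FROM my_department_salaries "
        "ORDER BY emp_id"
    ).fetchall()


def context_allows(hour: int, minute: int = 0,
                   start: tuple = (8, 0), end: tuple = (18, 0)) -> bool:
    """Context-dependent rule (an assumed policy, shown for contrast): permit
    the request only during business hours. The decision uses a fact about
    the request (when it was made) and never looks at the salary rows."""
    return start <= (hour, minute) < end


if __name__ == "__main__":
    db = build_db()
    for who in ("eng_mgr", "sales_mgr", "nobody"):
        print(who, read_salaries(db, who))
    print("09:30 allowed:", context_allows(9, 30),
          "| 22:00 allowed:", context_allows(22))
```

Running the script shows `eng_mgr` receiving only the two Engineering rows, `sales_mgr` only the two Sales rows, and an unknown user nothing at all, even though all three issue the identical SELECT against the view; that is the content-dependent behaviour the question describes. The `context_allows` check reaches the opposite kind of decision: it can refuse the whole request at 22:00 without ever consulting a single salary record.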