Qualitative Assessment of Access Control in a Database Management System

This paper presents a qualitative assessment of access control in database management system to guide those who wish to implement a discretionary or/and non-discretionary access control model and need some support to choose the access control in database management system (DBMS) best suited to their security requirements. To accomplish this we apply the core concepts related to access control models, and the metrics in NISTIR 7874. The result of this work shows how the database management system chosen, MS SQL Server 2012 supports the core concepts and the most popular access control models: RBAC, DAC and MAC, all these based on NIST 7874 metrics.