Article Preview
Top1. Introduction
Nowadays, the large chunks of personal and sensitive data of individuals are stored and processed through online surveys and online product purchases. The organizations handling such data must take care of the privacy of individuals. Privacy preservation is the main requirement in processing personal and sensitive data (Byun & Li, 2008; Kabir & Wang, 2009; Colombo & Ferrari, 2014). The database management system plays a vital role in storing the data. The Database supports various access control mechanisms such as discretionary, mandatory which are operating at different levels of tables to the cells or tuples in the database. The idea with access control is that each database user gets access to a subset of databases to which they can query and get data that they required.
For any Information Management System, the major requirement is protecting the information and resources from unauthorized users. The organizations that handle such sensitive information must take care of the privacy of individuals. The privacy-preserving is the key requirement in processing personal and sensitive data (Byun & Li, 2008; Kabir & Wang, 2009; Colombo & Ferrari, 2014). The privacy preservation is the prerequisite in exchanging information. The main objective of privacy preservation is to transform original data into some anonymous form to protect sensitive information. To achieve data privacy, it is necessary to identify the type of information that is going to be protected and where that information is exposed.
Within Database Management Systems (DBMS), privacy policies regulate the collection, access, and disclosure of the stored personal, identifiable and sensitive data. Policies specify actions that must be executed or conditions that must be satisfied before or after data are accessed (Colombo & Ferrari, 2014). Purpose of access is one of the major components in privacy which considers data as a key factor in access control decisions (Jafari et al., 2011). There are different access control mechanisms are available like discretionary, mandatory which provides privacy. The purpose and role-based access control model help in bridging the gap between security and privacy-oriented data protection (Colombo & Ferrari, 2015). It enforces fine-grained access control on the basis of purpose of access, actions executed by SQL queries on accessed data, categories of data and role of the user. It regulates the execution of SQL queries based on purpose and role-based privacy policies. Data categories are also used to regulate access control.
The Purpose and Role Based Access Control (PuRBAC) model helps in bridging the gap between security and privacy-oriented data protection (Colombo & Ferrari, 2015). The Purpose Based Access Control (PuBAC) allows system access to the users based on the purpose for which they are accessing the data. The Role Based Access Control (RBAC) allows system access only to authorized users. RBAC gives privileges to the users based on their role in the organization. The PuBAC and RBAC together will enforce fine-grained access control on basis of purpose of access, actions executed by SQL (Structured Query Language) queries on accessed data, categories of data and role of the user. It regulates the execution of SQL (Structured Query Language) queries based on purpose and role-based privacy policies. Only authorized and authenticated users can access the data from the system. Data categories are also used to regulate access control.