First of all, we add the Teradata Database to the growing list of relational database systems that we support. We have had increased demand for providing strong policy-driven access control capability for Teradata databases, and with this release, we deliver on that request.
In addition, with this release ADAF MD now supports the ability to filter, at the column and row level, the INSERT and UPDATE operations, in addition to the existing support for the SELECT SQL queries. What this means is that you are able to provide the same level of fine-grained access control to the INSERT and UPDATE operations as you were able to for the SELECT (i.e. read) operations on data in these relational databases.
Consider the case where one wants to enforce a policy that states that employees in the HR department of an organization can view all records, except the salary information, of employees if the HR employee belongs to the same region as the employee. In order to view the salary record, the HR employee should also have a “manager” designation. Existing capabilities of ADAF MD make it easy to enforce such attribute based fine-grained access to data, something that is hard to do using traditional database access control systems.
Now consider an additional IT policy which states that only HR managers belonging to the same region as the employee can update the salary record of the employee. Starting from release 1.4 of ADAF MD you can use the same workflow of using your policies in the ABAC-centric XACML language to express and enforce the policy.