In a previous blog post we discussed how the Axiomatics Data Access Filter for Multiple Databases lets you define and enforce fine-grained, policy-based access control on data at the time it's inserted into the database. This ability is fundamental if you want to provide any
Database access control is not only about controlling who can read the data, but also about making sure that the right people get to generate it. You may say that they are two sides of the same coin. It’s not only important to restrict how data is extracted from the database. You need to make
In 1668, when Thomas Hobbes wrote ‘knowledge is power’* for the first time ever, it is unlikely he was thinking of knowledge in terms of information. Nonetheless the aphorism has kept its weight in the Information Age. For us, knowledge means acquired information, and its power emanates from
“How can I protect the data stored in my database without having to disconnect it completely from the world?” If this sounds familiar, then you probably own or are responsible for a piece of sensitive information. You cherish it and understand that it’s to your advantage to keep it safe.
In the previous blog post we reviewed the concept of access review and discussed how well access control models deal with it. Also, at the end of that first part, we took note of the commonly-held concern that Attribute-Based Access Control (ABAC) complicates access reviews to the point that they
This is a two-parts blog post on the difficulties of doing access reviews with Attribute-Based Access Control (ABAC) and how to work around them. In this post we discuss what an access review is, what it is used for, how it’s performed depending on the access control model and notice that it’s