A New Door Opens - Using Attribute Values Passed from Your Application to Impact Filtering

In the latest release of Axiomatics Data Access Filter MD (ADAF MD), we introduced a neat little feature called user-defined symbols. This feature enables you to pass attribute values from the data requesting application, and from these values impact the evaluation of the access control policy and, hence, the filtering of data received by the application.

In this technical blog post, we’ll look at how this new feature can be used to solve a particular business case - namely the need to impersonate a user or delegate access control rights.

Continue reading
980 Hits
0 Comments

Data modification is a matter of access control, too

In a p​revious blog post​ we discussed how the Axiomatics Data Access Filter for Multiple Databases ​lets you define and enforce fine-­grained, policy-­based a​ccess control on data ​at the time it's inserted into the database. This ability is fundamental if you want to provide any guarantees on data quality. Obviously, guaranteeing data quality is a complex task that involves taking care of the many ways in which data can come to reside in the database. For instance, it’s not enough to be able to control who inserts data into the database, but also who can modify it, and how.

Continue reading
2122 Hits
0 Comments

Data creation is also a matter of access control

Database access control is not only about controlling who can read the data, but also about making sure that the right people get to generate it. You may say that they are two sides of the same coin. It’s not only important to restrict how data is extracted from the database. You need to make sure that the data stored in the database comes from the right sources.

Continue reading
1810 Hits
0 Comments

Policy-based Data Filtering

“How can I protect the data stored in my database without having to disconnect it completely from the world?”

If this sounds familiar, then you probably own or are responsible for a piece of sensitive information. You cherish it and understand that it’s to your advantage to keep it safe. At the same time, you would like to share the information with people you trust --even from outside the organization-- so that they may put it to good and profitable use.

That the information happens to be stored in a relational database is something you find very convenient: it is easy to connect to the database and query the information using SQL; anyone that has access can analyze it, write reports on it and even build applications with it.

But this is far from easy. Laws and regulations of various sorts put limits on how to share information. Business requirements change rapidly, so whoever was allowed to access the data yesterday may not be allowed to access it today. Concurrent regulations and/or business needs get combined into increasingly complex and dynamic policies. Also the granularity of access has changed, from the database to the table to the row and finally to the cell level. To complicate matters even further, there is on-going explosion of data volumes. Changing the way we develop applications from now on can help, but we still need to take care of legacy applications, where retrofitting access policies may turn out to be close to impossible.

Continue reading
3664 Hits
0 Comments

Data Filtering for Multiple Databases

Earlier this year, we released a new product, the Axiomatics Data Access Filter (ADAF). ADAF provides powerful, standards-based data filtering, meaning you can protect your data from ever leaving the database; and you can protect applications with modern, externalised access control even if you can’t make changes to the applications.

Today, ADAF supports Oracle databases, and uses a component of the Oracle Database - Virtual Private Database (VPD) - to intercept and parse the SQL query.

So what happens if your data resides in some other database - say, SQL Server?

Continue reading
3268 Hits
0 Comments