Dynamic Authorization for Multiple Databases – How it Works

The Axiomatics Data Access Filter for Multiple Databases (ADAF MD) uses a generic proxy to protect multiple database types, such as Oracle, IBM DB2, Microsoft SQL Server, or Teradata, from a central point. The proxy component intercepts requests to all of these databases and queries the core ADAF MD engine for authorization of the intercepted SQL statements. The combination of Dynamic Data Masking and Data Access Filtering brings database security to a new level.

The Axiomatics Data Access Filter MD (ADAF MD) product has the following components:

  • An SQL Proxy Service performs database activity monitoring to intercept calls to the database. It then queries an authorization service to achieve data access filtering and dynamic data masking.
  • An SQL Filter Service evaluates requests against corporate policies defined in the eXtensible Access Control Markup Language (XACML).
  • For XACML policy management, components from APS Express Edition are included.

The SQL Proxy acts as an enforcement point. It uses proven and robust technology which is easy to deploy and has minimal impact on your existing data layer.

ADAF MD can be configured to act on all incoming requests or only on a specific set of SQL statements. Once configured, the authorization policies are applied consistently across every incoming connection they cover, regardless of the application endpoint. One and the same policy can thus protect multiple databases from queries sent by multiple applications.

The enforcement of corporate policies is achieved via these core capabilities:

  • The proxy performs database activity monitoring to allow actions to be taken on specific queries
  • Data Access Filtering filters out all records from a database query result set for which the user has no authorization
  • Dynamic Data Masking redacts or masks individual cells within a filtered data set

Attribute Based Access Control (ABAC) policies thus control exactly who should gain access to what, where, when, why and how, down to the level of individual cells in database query results.
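The flow described on this page (proxy intercepts the statement, asks a filter service for a decision, filters rows and masks cells in the result) can be sketched in a few dozen lines. The following is an added example and not Axiomatics code: ADAF MD evaluates XACML policies and proxies the native database protocols, whereas this sketch uses an in-memory SQLite table, a hand-written `authorize()` function standing in for the policy engine, the subject attributes `role` and `department` (both constructed), and a regex rewrite of the `FROM` clause that only handles single-table `SELECT` statements. The sample employee rows are constructed.

```python
from __future__ import annotations

import re
import sqlite3
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample data standing in for the protected backend table.
EMPLOYEES = [
    (1, "Alice", "engineering", 120000, "123-45-6789"),
    (2, "Bob", "engineering", 95000, "987-65-4321"),
    (3, "Carol", "finance", 110000, "555-12-3456"),
]


def build_demo_db() -> sqlite3.Connection:
    """In-memory database with the constructed employees table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER, name TEXT, department TEXT, "
                 "salary INTEGER, ssn TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?, ?)", EMPLOYEES)
    return conn


def mask_ssn(value: str) -> str:
    """Dynamic data masking: keep only the last four digits of the SSN."""
    return "***-**-" + value[-4:]


def redact(_value) -> str:
    """Full redaction of a cell."""
    return "<redacted>"


@dataclass
class Decision:
    """Answer from the (hypothetical) filter service back to the proxy."""
    permit: bool
    row_predicate: str | None = None          # SQL predicate over the table's columns
    predicate_params: tuple = ()              # bound values for that predicate
    masked_columns: dict[str, Callable] = field(default_factory=dict)


def authorize(subject: dict, table: str) -> Decision:
    """Toy ABAC policy over subject attributes; stands in for the XACML engine."""
    if table != "employees":
        return Decision(permit=False)
    role = subject.get("role")
    if role == "auditor":      # sees every row, SSN partially masked
        return Decision(True, masked_columns={"ssn": mask_ssn})
    if role == "manager":      # own department only, SSN partially masked
        return Decision(True, "department = ?", (subject["department"],), {"ssn": mask_ssn})
    if role == "employee":     # own department only, salary and SSN redacted
        return Decision(True, "department = ?", (subject["department"],),
                        {"ssn": redact, "salary": redact})
    return Decision(permit=False)


# Sketch only: a real proxy needs a full SQL parser (this matches FROM inside literals too).
TABLE_RE = re.compile(r"\bFROM\s+(\w+)", re.IGNORECASE)


def proxy_query(conn: sqlite3.Connection, subject: dict, sql: str, params: tuple = ()):
    """Enforcement point: authorize, filter rows by rewriting FROM, mask cells in the result."""
    upper = sql.upper()
    if (not upper.lstrip().startswith("SELECT") or "JOIN" in upper
            or len(TABLE_RE.findall(sql)) != 1):
        raise PermissionError("only single-table SELECT statements are proxied in this sketch")
    m = TABLE_RE.search(sql)
    table = m.group(1)
    decision = authorize(subject, table)
    if not decision.permit:
        raise PermissionError(f"{subject.get('role')} may not read {table}")
    if decision.row_predicate:
        # Data Access Filtering: the table reference becomes a filtered subquery, so the
        # caller's own column list and WHERE clause still apply on top of the policy filter.
        filtered = f"(SELECT * FROM {table} WHERE {decision.row_predicate}) AS {table}"
        sql = sql[:m.start(1)] + filtered + sql[m.end(1):]
        params = decision.predicate_params + tuple(params)   # subquery params bind first
    cur = conn.execute(sql, params)
    cols = [d[0] for d in cur.description]
    # Dynamic Data Masking: apply the per-column masking functions to the filtered rows.
    rows = [tuple(decision.masked_columns[c](v) if c in decision.masked_columns else v
                  for c, v in zip(cols, row))
            for row in cur.fetchall()]
    return cols, rows


if __name__ == "__main__":
    db = build_demo_db()
    for who in ({"role": "manager", "department": "engineering"},
                {"role": "employee", "department": "finance"},
                {"role": "auditor"}):
        print(who, proxy_query(db, who, "SELECT name, salary, ssn FROM employees ORDER BY id"))
```

The subquery rewrite keeps the application's SQL untouched apart from the table reference, which is why the same policy applies regardless of which application sent the statement; the masking step runs on the result set, so a cell can be redacted even when the row itself is permitted.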