Using Database Rows as Attributes


The value of any database row, including the current row being operated upon, may be used as a context attribute. This provides great power and flexibility in creating adaptive Trusted RUBIX ABAC policy.

For sample usage, see "Example: Individual Tables with IP Address White Lists" and "Example: Row Access Restricted to Row Creator".

A single field of the current row being operated upon may be extracted into policy using the FieldSelector operator. During execution this will be replaced with the value of the specified row field. Multiple FieldSelector operators may be used within a single policy.

A set of column values from any database table may be imported into Trusted RUBIX ABAC policy using the ImportColumnSelector operator. During execution this will be replaced by a set of values from the specified table and column. The set of values may optionally be filtered using the ImportFieldSelector operator. This operator will allow any field value from the table row to be used as input to a boolean expression. The result of the boolean expression will determine if the row is included in the imported set of values.

When rows are imported from database tables and used to make security decisions within a policy, special care must be taken to protect those rows against unauthorized modification. Typically, RXSML policy would be deployed that restricts modification to the Security Administrator.
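
The evaluation described above can be modelled in a few lines of Python, combining a current-row field check with a filtered column import. This is an added illustration, not Trusted RUBIX policy syntax or product code; the function names, the table layout (`table_name`, `ip`, `enabled`, `creator`) and the sample rows are assumptions constructed for the example.

```python
# Conceptual model only: hypothetical names, not Trusted RUBIX syntax or APIs.

def field_selector(current_row, field):
    """Model of FieldSelector: value of one field of the row being operated on."""
    return current_row[field]

def import_column_selector(table, column, row_filter=None):
    """Model of ImportColumnSelector: set of values from `column` of `table`.
    `row_filter` models a boolean expression over ImportFieldSelector values;
    a row contributes only when the expression is true for that row."""
    return {r[column] for r in table if row_filter is None or row_filter(r)}

def decide(current_row, session, whitelist_table):
    """Permit when the session user created the row AND the client address is
    in the white list imported for the table being accessed."""
    allowed_ips = import_column_selector(
        whitelist_table, "ip",
        row_filter=lambda r: r["table_name"] == session["table"] and r["enabled"],
    )
    is_creator = field_selector(current_row, "creator") == session["user"]
    return "Permit" if is_creator and session["client_ip"] in allowed_ips else "Deny"

# Constructed sample data (documentation address ranges).
WHITELIST = [
    {"table_name": "orders", "ip": "192.0.2.10", "enabled": True},
    {"table_name": "orders", "ip": "192.0.2.11", "enabled": False},
    {"table_name": "payroll", "ip": "198.51.100.5", "enabled": True},
]
ROW = {"id": 7, "creator": "alice", "amount": 120}

def demo():
    ok = {"user": "alice", "table": "orders", "client_ip": "192.0.2.10"}
    disabled = dict(ok, client_ip="192.0.2.11")   # filtered out: enabled is False
    other_user = dict(ok, user="bob")             # not the row creator
    results = [decide(ROW, s, WHITELIST) for s in (ok, disabled, other_user)]
    # The imported rows are policy input: editing them changes the decision
    # without any change to the policy itself.
    edited = [dict(r, enabled=True) for r in WHITELIST]
    results.append(decide(ROW, disabled, edited))
    return results

if __name__ == "__main__":
    print(demo())
```

The last case in `demo()` shows why write access to an imported table has to be restricted: the same request flips from Deny to Permit when only the table contents change.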

The following diagram shows a policy which uses Field3 of the current row, Column1 from Table1, and Column2 from Table2 as attributes. Note that the filter applied to a table column may use any field of the row.