Implementation of Discretionary Access Control and Role-Based Access Control Policy in Online Shopping System

Abstract

Today many business applications use Database System to maintain their business information and many users access to Database to get information. The system need to create the security principals for users to allow multiple accesses to the database. The system needs to restrict or widen access to different parts of the database and manipulate the permissions or access constraints of the database object. In this thesis, Discretionary Access Control (DAC) method and Role-Based Access Control (RBAC) method are used to secure the database for online application system. These online systems also face malicious users attack to the database server and database variety of attacks. The proposed system intends to protect, some of these database attack using the role-based access control for permission and access right on the database is implemented for online shopping system. The result of this approach enables users to seamlessly, and transparently access from one service to another. The system is implemented by using Microsoft Visual Studio ASP.Net and SQL server 2005.