This project component involves building an access control module for your
database that supports NSM (new security model). NSM is different from both
Discretionary Access Control (DAC) and Mandatory Access Control (MAC), but has
elements of both. NSM is an extension of DAC that adds a list of forbidden
privileges.
Given a user U, we maintain a list of forbidden privileges for U. For
instance, we may decide that the user John cannot have SELECT privileges on
the table clients. NSM works just like DAC, but if someone tries to grant John
SELECT privileges on clients, then the grant operation must be rejected (with
an appropriate message sent to the grantor). The failed attempt must be logged.
For our purposes, the only privileges are INSERT and SELECT.
Neither INSERT nor SELECT has attribute lists. Further, the INSERT privilege
implies the SELECT privilege (unlike the standard in DAC).
We do not have access to the system files that control security, so we will
simulate them. Your project should have a database table my_permissions where
you store the privileges. The scheme for forbidden_list is
forbidden_list(user, table_name, privilege, grant_option).
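
An added example (not part of the original assignment text) of the NSM grant check, using SQLite from Python to simulate the tables. The my_permissions and grant_log layouts, the users owner and Mary, and the rule that a forbidden SELECT also blocks a grant of INSERT (because INSERT implies SELECT) are assumptions made for this sketch.

```python
import sqlite3
# The page states that INSERT implies SELECT.
IMPLIES = {"INSERT": {"INSERT", "SELECT"}, "SELECT": {"SELECT"}}

def make_db():
    db = sqlite3.connect(":memory:")
    # forbidden_list columns come from the page; the my_permissions and
    # grant_log layouts are assumptions made for this example.
    db.executescript('''
        CREATE TABLE forbidden_list("user", table_name, privilege, grant_option);
        CREATE TABLE my_permissions("user", table_name, privilege, grant_option, grantor);
        CREATE TABLE grant_log(grantor, grantee, table_name, privilege, reason);
    ''')
    return db

def holds(db, user, table, priv, need_grant_option=False):
    # A stored privilege counts if it implies the requested one.
    rows = db.execute('SELECT privilege, grant_option FROM my_permissions '
                      'WHERE "user"=? AND table_name=?', (user, table))
    return any(priv in IMPLIES[p] and (g or not need_grant_option) for p, g in rows)

def grant(db, grantor, grantee, table, priv, with_grant_option=False):
    def reject(reason):  # every rejected grant is logged (assumed log layout)
        db.execute("INSERT INTO grant_log VALUES (?,?,?,?,?)",
                   (grantor, grantee, table, priv, reason))
        return False, reason
    if priv not in IMPLIES:
        return reject("unknown privilege")
    # DAC part: the grantor must hold the privilege with grant option.
    if not holds(db, grantor, table, priv, need_grant_option=True):
        return reject("grantor lacks grant option")
    # NSM part: refuse if anything this grant confers is forbidden for the
    # grantee (assumption: any matching row forbids, whatever its grant_option).
    conferred = sorted(IMPLIES[priv])
    marks = ",".join("?" * len(conferred))
    hit = db.execute('SELECT privilege FROM forbidden_list WHERE "user"=? AND '
                     f'table_name=? AND privilege IN ({marks})',
                     (grantee, table, *conferred)).fetchone()
    if hit:
        return reject(f"{hit[0]} on {table} is forbidden for {grantee}")
    db.execute("INSERT INTO my_permissions VALUES (?,?,?,?,?)",
               (grantee, table, priv, int(with_grant_option), grantor))
    return True, "granted"

if __name__ == "__main__":
    db = make_db()  # constructed sample data below
    db.execute("INSERT INTO my_permissions VALUES ('owner','clients','INSERT',1,'system')")
    db.execute("INSERT INTO forbidden_list VALUES ('John','clients','SELECT',0)")
    print(grant(db, "owner", "John", "clients", "INSERT"))
```

The returned reason string is what would be sent to the grantor, and the same string is stored in grant_log.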