There are various security mechanisms that provide discretionary access control in a database management system. These security mechanisms are the means of restricting access based on privileges (Cui, & Wu, 2012). For a user to access an object, you must grant the appropriate privileges. Users with the appropriate privileges can grant privileges to other users at their discretion. For this reason, this type of security is called "discretionary". These mechanisms manage the security database using different services or facilities:
Users and schemas
Benefits
Roles
Limits on resources
Monitoring
Users and schemas
Each database has a list of user names. To access the database, a user must use an application and try to establish a connection with a valid user name for the database. Each user has an associated password to prevent unauthorized use. Each user has a domain security, a set of properties that determine such factors as:
Actions (privileges and roles) available to the user
Limits of space in table space for user
Limits use of resources of the system to users
Benefits
These are the privileges or the permission to execute particular type judgments SQL. The privileges of an ORACLE database can be divided into two distinct categories: system privileges and object privileges. The system privileges allow users to play an action particularly within the system or a particular action on a particular object type. For example, the privilege to create a table space or delete rows from a table in the database is system privileges. Many system privileges are available only to administrators and application developers because these privileges are very powerful. There are two basic types of privileges; Object privileges allow users to perform actions on a specific schema. For example, the privilege to delete rows from a specific table is an object privilege. Object privileges are assigned to end users, so they can use an application of the database to perform specific tasks. Assign Privileges in which a user can receive a privilege in two ways: Privileges can be assigned to users explicitly.
The privileges can be assigned to roles (groups of privileges), and then the role can be designated to one or more users. Because roles allow for easier and better management of privileges, these usually are assigned to roles and not to specific users (Olson et.al, 2013).
Roles
This security mechanism provides roles for administration and easier controlled privileges. Roles are a named group of privileges that are assigned to users or other roles. The following properties of roles allow you to manage the privileges of an easier way:
Reduced allocation of privileges: Rather than explicitly granting the same set of privileges to many users the administrator of the database can assign privileges to a role and this in a group of users.
Managing dynamic privileges: When the privileges of a group must change, only the privileges of the role need to be modified. The security domains of all users who assigned that role, automatically reflect the changes made ??to the role.
Selective availability of privileges: The roles assigned to users can ...