Advanced access control system for multi-tier server applications

Abstract

Server applications are one of the most important components of applications which use multi-tire architecture. These servers need to handle access of users. Access control logic is usually implemented directly inside an object which is responsible for performing required operations over the data. The object verifies access to its methods and permits or denies the operation. But systems usually consist of many such objects with different missions. All of these objects require similar access control system. This makes a greater overhead because access control verification must be coded inside all those objects. If in this approach a programmer forgets to verify some of required rights in the code then the system may encounter a forbidden data access. This article deals with that topic and designs a unified database layer working over relation databases. Benefits of this layer are strong simplification of the access control system and impossibility to access data without permissions.