Overcoming the Identity Crisis
In a typical web application, the user's identity is lost between the client and the database at the application server tier. The "technical user" account used exclusively for the SQL queries against the database knows neither the role nor, still less, the specific identity of the user on whose behalf the query is issued.
This design entails considerable security limitations, in particular with respect to transparency and traceability: the database cannot tell which person read or changed what. Increasing efforts are being made to remove these limitations through a variety of measures and tools.
The following figure schematically shows the typical architecture of web-based solutions:
Even where the user and their role are known to the application, this information disappears between the application server and the database, since as a rule a "technical user" accesses the database anonymously via the query language SQL.
With a dedicated data access control solution, this access is personalized: the SQL queries are enriched with the attributes of the user or their role by applying a set of rules in real time.
The 3-tier architecture is preserved; the access control is integrated into the application server:
The main function is, and will remain, security-relevant access protection IN REAL TIME, right down to the field level of each table. This applies to all available operations: create, read, update, delete - or CRUD.
Furthermore, thanks to this architecture, reporting and alerting are "user-aware": every access to the database and every single modification of data, even the most minor, can be observed in full detail together with the identity of the initiating user.
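The following is an added illustration of the application-tier gate described above, not code from the product: a single technical-user connection to an in-memory SQLite table, a constructed per-role, per-column rule set, and an audit trail that records the end user behind every read and update. Role names, column names and the rule format are assumptions for the example; only read and update are shown.

```python
import sqlite3

# Constructed rule set (an assumption): per role, the columns each operation may touch.
RULES = {
    "clerk":   {"read": {"id", "name"}, "update": set()},
    "manager": {"read": {"id", "name", "salary"}, "update": {"salary"}},
}

class PersonalizedAccess:
    """Application-tier gate in front of the shared technical-user connection:
    each call carries the end user's identity and role, is checked against
    RULES before any SQL is issued, and is recorded in a user-aware audit trail."""

    def __init__(self, conn):
        self.conn = conn    # the single "technical user" database connection
        self.audit = []     # (user, role, op, columns, decision)

    def _check(self, user, role, op, columns):
        columns = tuple(sorted(columns))
        ok = set(columns) <= RULES.get(role, {}).get(op, set())
        self.audit.append((user, role, op, columns, "allow" if ok else "deny"))
        if not ok:
            raise PermissionError(f"{user} ({role}) may not {op} {list(columns)}")

    def read(self, user, role, columns, emp_id):
        self._check(user, role, "read", columns)
        # Only column names that passed the allow-list are interpolated; values are bound.
        sql = f"SELECT {', '.join(columns)} FROM employees WHERE id = ?"
        return self.conn.execute(sql, (emp_id,)).fetchone()

    def update(self, user, role, values, emp_id):
        self._check(user, role, "update", values.keys())
        sets = ", ".join(f"{col} = ?" for col in values)
        sql = f"UPDATE employees SET {sets} FROM employees WHERE id = ?" if False else f"UPDATE employees SET {sets} WHERE id = ?"
        return self.conn.execute(sql, (*values.values(), emp_id)).rowcount

def demo():
    conn = sqlite3.connect(":memory:")    # constructed sample data: one employee row
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER)")
    conn.execute("INSERT INTO employees VALUES (1, 'Ada', 5000)")
    gate = PersonalizedAccess(conn)
    out = {"clerk_read": gate.read("bob", "clerk", ["id", "name"], 1)}
    try:
        gate.read("bob", "clerk", ["salary"], 1)     # clerk is not allowed to see salary
    except PermissionError:
        out["clerk_salary"] = "denied"
    out["updated"] = gate.update("alice", "manager", {"salary": 5500}, 1)
    out["salary_now"] = gate.read("alice", "manager", ["salary"], 1)
    return {**out, "audit": gate.audit}
```

The audit list is what makes reporting "user-aware": the denied clerk read of `salary` is recorded against `bob`, not against the anonymous technical user.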