A department manager has read access to the salaries of the employees in his/her department but
not to the salaries of employees in other departments. A database security mechanism that enforces
this policy would typically be said to provide which of the following?

A.
content-dependent access control

B.
context-dependent access control

C.
least privileges access control

D.
ownership-based access control

Explanation:
“Database security takes a different approach than operating system security. In an operating
system, the identity and authentication of the subject controls access. This is done through access
control lists (ACLs), capability tables, roles, and security labels. The operating system only makes
decisions about where a subject can access a file; it does not make this decision based on the
contents of the file itself. If Mitch can access file A, it does not matter if that file contains information
about a cookie recipe or secret information from the Cold War. On the other hand, database security
does look at the contents of a file when it makes an access control decision, which is referred to as
content-dependent access control. This type of access control increases processing overhead, but it
provides higher granular control.” Pg. 677 Shon Harris: CISSP Certification All-in-One Exam Guide