A department manager has read access to the salaries of the employees in his/her department but
not to the salaries of employees in other departments. A database security mechanism that
enforces this policy would typically be said to provide which of the following?
A.
content-dependent access control
B.
context-dependent access control
C.
least privileges access control
D.
ownership-based access control
Explanation:
“Database security takes a different approach than operating system security. In an
operating system, the identity and authentication of the subject controls access. This is done
through access control lists (ACLs), capability tables, roles, and security labels. The operating
system only makes decisions about where a subject can access a file; it does not make this
decision based on the contents of the file itself. If Mitch can access file A, it does not matter if that
file contains information about a cookie recipe or secret information from the Cold War. On the
other hand, database security does look at the contents of a file when it makes an access control
decision, which is referred to as content-dependent access control. This type of access control
increases processing overhead, but it provides higher granular control.” Pg. 677 Shon Harris:CISSP Certification All-in-One Exam Guide