Authorization and Access Control for Different Database Models: Requirements and Current State of the Art.

Traditional SQL-based data stores have been the market leaders for decades. However, they have drawbacks with today's massive and highly connected data due to their low flexibility in terms of data structures. NoSQL database models (i.e., key-value, column, document, and graph) are designed for unstructured data in large quantities. However, they currently lack fine-grained dynamic security support, with respect to authorization and access control, in contrast to relational database management systems. We define advanced authorization and access control requirements which are applicable for any database model regardless of the application and access control scenario. According to our discussion on existing access control features versus the requirements in the context of each database model, we conclude whether the requirements are satisfied or not, and provide a corresponding overview.