Abstract
Web applications are very popular, and many users can log into a system and access, update, or delete its information. In the traditional approach, users are recognized by the username and password they supply to gain access, which are stored in the database. Authentication is performed only when a user tries to log into the application. Once a user has successfully logged into the web application, they can perform as many transactions as they want over a single database connection. Access control can restrict which information users may access. In the case of web applications, however, many users may be working on the application at the same time. To reduce the complexity of granting access to many users, Role-based Access Control (RBAC) was implemented. Instead of granting permissions to each and every user, roles are defined according to the responsibilities and positions a user holds in an organization. Permissions are granted to the roles, and the roles are assigned to the users so that they can perform certain operations on the application or access certain information. In this way the web application is restricted to authorized users: according to their roles and the permissions granted to those roles, users can access the application's functionality and vital information. In this project, I have implemented the role-based access control approach using an Employee - Department schema. The project is developed using Oracle 10g Express Edition and Eclipse Galileo 3.2. Five different types of roles were created and different sets of permissions were assigned to those roles. I created many users and assigned appropriate roles to them. To demonstrate role-based access control, I developed a web application in Eclipse Galileo 3.2. This project shows how role-based access control can increase database security by restricting users to limited access to the system. It also shows how SQL injection attacks can be mitigated by implementing role-based access control.
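The role, permission and user layering described above, as an added Oracle SQL example that is not the project's own script: the table layout, the role names (emp_reader, emp_editor, hr_admin), the usernames and the connecting schema owner are assumptions for an Employee - Department schema, and the statements are meant to be run as the owner of the two tables.

```sql
-- Added example (not the project's own code). Role names, table columns
-- and usernames are assumptions; run as the schema owner of both tables.

-- Employee - Department schema the roles will protect
CREATE TABLE department (
  dept_id   NUMBER PRIMARY KEY,
  dept_name VARCHAR2(50) NOT NULL
);
CREATE TABLE employee (
  emp_id   NUMBER PRIMARY KEY,
  emp_name VARCHAR2(100) NOT NULL,
  salary   NUMBER(10,2),
  dept_id  NUMBER REFERENCES department(dept_id)
);

-- 1. Roles carry the permissions; no privilege is ever granted to a user directly.
CREATE ROLE emp_reader;   -- read-only view of employees and departments
CREATE ROLE emp_editor;   -- may also change an employee's name or department
CREATE ROLE hr_admin;     -- full DML on both tables

GRANT SELECT ON department TO emp_reader;
GRANT SELECT ON employee   TO emp_reader;

GRANT emp_reader TO emp_editor;                              -- roles can nest
GRANT UPDATE (emp_name, dept_id) ON employee TO emp_editor;  -- column-level: salary stays read-only

GRANT emp_editor TO hr_admin;
GRANT INSERT, DELETE ON employee TO hr_admin;
GRANT INSERT, UPDATE, DELETE ON department TO hr_admin;

-- 2. Users receive a role, so changing a job function means regranting a role,
--    not auditing and regranting object privileges user by user.
CREATE USER alice IDENTIFIED BY "<set-a-real-password>";
GRANT CREATE SESSION TO alice;
GRANT emp_reader TO alice;

CREATE USER bob IDENTIFIED BY "<set-a-real-password>";
GRANT CREATE SESSION TO bob;
GRANT hr_admin TO bob;

-- 3. Why this limits SQL injection damage: a web page that only lists staff should
--    connect as alice. If an attacker smuggles a destructive statement into one of
--    its queries, the database itself refuses it, because emp_reader has no DELETE:
--      DELETE FROM employee;   -- as alice -> ORA-01031: insufficient privileges
--    Only a session holding hr_admin (bob) could run it, so each part of the
--    application should connect with the least-privileged role it needs.
```

Column-level grants are a useful check here: even a user who holds emp_editor cannot update the salary column, which would otherwise be the most attractive field to tamper with.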