Identifying users and assessing their processing and data access needs is a major undertaking in
establishing good database security protocols. The crux of the process is identifying and defining roles, correctly granting access rights to actions and objects, and then appropriately assigning users to those roles. Once a role has been created, implementing RBAC follows the
pattern:
GRANT privilege_name
ON object_name
TO role_name;
Privilege_name identifies the rights to be granted. These include such rights as selecting data,
modifying data, or manipulating the database structure. ON identifies the database objects, and
TO identifies the roles to which those privileges are applied. For instance, if Dr. Smith were assigned the role of Faculty and Faculty were given read rights to the Student table, the RBAC rule
would be:
GRANT Select
ON Student_Table
TO Faculty;
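
The full sequence described above (define the role, grant the privilege to the role, assign the user to the role, then check the result) is shown here as an added example that is not from the original text. It assumes PostgreSQL syntax; the table columns, the sample row and the dr_smith login name are hypothetical.

```sql
-- Added example: PostgreSQL dialect assumed. Column names, the sample row
-- and the dr_smith login are hypothetical. Everything is rolled back at the end.
BEGIN;

CREATE TABLE student_table (
    student_id  integer PRIMARY KEY,
    full_name   text NOT NULL,
    gpa         numeric(3,2)
);
INSERT INTO student_table VALUES (1, 'Constructed Student', 3.50);

-- 1. Define the role. NOLOGIN: it only carries privileges, it is not an account.
CREATE ROLE faculty NOLOGIN;

-- 2. Grant the privilege on the object to the role (the rule from the text).
GRANT SELECT ON student_table TO faculty;

-- 3. Assign the user to the role. The user receives no direct table grants,
--    so removing the membership later removes all access in one step.
CREATE ROLE dr_smith LOGIN;
GRANT faculty TO dr_smith;

-- 4. Compare the user's effective rights for a granted privilege (SELECT)
--    and one that was never granted (UPDATE).
SELECT has_table_privilege('dr_smith', 'student_table', 'SELECT') AS can_read,
       has_table_privilege('dr_smith', 'student_table', 'UPDATE') AS can_update;

-- 5. Exercise the rights as the user. The read is covered by the role's grant;
--    the write is not, and the savepoint lets the script continue afterwards.
SET ROLE dr_smith;
SELECT full_name FROM student_table;
SAVEPOINT before_write;
UPDATE student_table SET gpa = 4.00 WHERE student_id = 1;
ROLLBACK TO SAVEPOINT before_write;
RESET ROLE;

-- 6. Audit: list every privilege granted on the table and who holds it.
SELECT grantee, privilege_type
FROM information_schema.table_privileges
WHERE table_name = 'student_table'
ORDER BY grantee, privilege_type;

ROLLBACK;
```

Run it as a database owner or superuser in a scratch database; the audit query in step 6 is the one to keep for periodic access reviews.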