ary method used to protect data is limiting access to the data. This can be done through
authentication, authorization, and access control. These three mechanisms are distinctly different
but usually used in combination with a focus on access control for granularity in assigning rights
to specific objects and users. For instance, most database systems use some form of authentication, such as username and password, to restrict access to the system. Further, most users are authorized or assigned defined privileges to specific resources. Access control further refines the
process by assigning rights and privileges to specific data objects and data sets. Within a database, these objects usually include tables, views, rows, and columns. For instance, StudentA may
be given login rights to the University database with authorization privileges of a student user
which include read-only privileges for the Course_ Listing data table. Through this granular level
of access control, students may be given the ability to browse course offerings but not to peruse
grades assigned to their classmates. Many students, today, inherently understand the need for
granularity in granting access when framed in terms of granting ‘friends’ access to their Facebook
site. Limiting access to database objects can be demonstrated through the Grant/Revoke access
control mechanism.