Access granularity designates the scale or precision level(s) at which access control is supported by a system. A system that supports finer grained access controls may provide more configurational flexibility but may require higher maintenance costs, unless it provides efficient mechanisms to simplify and automate access management. Conversely, a system that supports coarser grained access controls may provide less configurational flexibility but may require lower maintenance costs. A system may simultaneously support multiple access granularity levels. When loosely speaking about the granularity of a system, the intention is often to get a sense of the flexibility provided by a system and thus the smallest level is generally implied. Examples: a file server may support file-level ACLs as its smallest access granularity. a relational database management system may support database-level, table-level, row-level and field-level access granularities. a business application may implement complex policy-based access control mechanisms that resolve in a matrix of record and operation access granularity levels where both record and operation accesses are required to gain access.
|