A systematic literature review of authorization and access control requirements and current state of the art for different database models

Research output: Contribution to journal › Article › peer-review

Abstract

Purpose: Data protection requirements heavily increased due to the rising awareness of data security, legal requirements, and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements.

Design/methodology/approach: We follow a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, we continue with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. We then discuss and compare current database models based on these requirements.

Findings: As no survey works consider requirements for authorization and access control in different database models so far, we define our requirements. Furthermore, we discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.

Originality: We focus on authorization and access control for various database models, not concrete products. We identify today’s sophisticated - yet general - requirements from the literature and compare them with research results and access control features of current products for the relational and NoSQL database models.

Original language: English
Pages (from-to): 1-23
Number of pages: 23
Journal: International Journal of Web Information Systems
Volume: 20
Issue number: 1
Publication status: Published - 05 Feb 2024

Fields of science

  • 102010 Database systems
  • 102016 IT security
  • 102022 Software development
  • 505002 Data protection

JKU Focus areas

  • Digital Transformation
