Abstract
This paper presents a Role based query modification access control model that is implemented at database level by which fine-grained access control is handled by the underlying DBMS . The proposed model is a combination of the Role based access control model and the case statement query modification algorithm. While RBAC is used to specify the security policy for an organization , queries are modified to reflect the policy rules specified by RBAC model. The proposed model provides cell level granularity for relational database access control through a database level implementation that can't be bypassed and is independent of the underlying DBMS. It considers the insert, update and delete statements in the modification. It reduces the database size required to store the privacy meta data which will improve the performance by reducing the execution time of a given query. It also simplifies the security administration and the maintenance of users and their security policies