Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Access Control on NoSQL Databases



Vincent C. Hu


NoSQL database systems and data stores often outperform traditional RDBMS in various aspects, such as data analysis efficiency, system performance, ease of deployment, flexibility/scalability of data management, and users' availability. However, with an increasing number of people storing sensitive data in NoSQL databases, security issues have become critical concerns. NoSQL databases suffer from vulnerabilities, particularly due to the lack of effective support for data protection, including weak authorization mechanisms. As access control is a fundamental data protection requirement of any database management system DBMS, this document focuses on access control on NoSQL database systems.
NIST Interagency/Internal Report (NISTIR) - 8504
Report Number


access control, attribute-based access control, authorization, database systems, No-SQL, SQL.


Hu, V. (2024), Access Control on NoSQL Databases, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online],, (Accessed May 26, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created May 7, 2024, Updated May 10, 2024