Access Control Model Based On Role And Attribute For Secured Application

Turkish Online Journal of Qualitative Inquiry (TOJQI)
Volume 12, Issue 6, June 2021: 805-812

Ashwini Parkar a, Madhuri N. Gedam b, Dr. Nazneen Ansari c, Dr. Vaibhav E. Narawade d

a Department of Computer Engineering, Shri L R Tiwari College Of Engineering, Thane, India, parkarashwini14@gmail
b Department of Information Technology, Shri L R Tiwari College Of Engineering, Thane, India, madhuri.gedam@gmail.com
c Department of Information Technology, St. Francis Institute Of Technology, Mumbai, India, nazneenansari@sfit.ac.in
d Department of Computer Engineering, Ramrao Adik Institute Of Technology, Navi Mumbai, India, vnarawade@gmail.com

Abstract

Access control mechanisms are used to secure an organization from insiders and intruders. RBAC and ABAC are the most popular models at present, yet both have pitfalls. RBAC has been widely adopted due to its security advantages, but it has difficulty meeting dynamic access control requirements, whereas ABAC provides more flexibility by introducing attributes. However, the system complexity caused by the addition of attributes is the main drawback of ABAC. This paper combines the benefits of these two models into a role and attribute based model, RABAC. RBAC manages static attributes and ABAC manages dynamic attributes, which makes the model more flexible, fine-grained and user friendly. Additionally, we employ the RABAC model to design a secured web application framework according to the characteristics of the model. This makes the application robust against SQL injection attacks.

Keywords: RBAC, ABAC, RABAC, SQLIA

1. Introduction

Nowadays, information security has become crucial for an organization to protect its data from internal and external attacks.
Access control, one of the information security principles, is used to shield data from illegitimate access and to decide who is able to access what [3]. Three major access control models gained much attention in the early 70s: DAC, MAC and RBAC. With the evolution of information technology, the flaws in DAC and MAC gradually emerged, as they could meet the requirements of small applications only. The RBAC model maintains security and flexibility by introducing roles between users and permissions. With further growth of the network environment, its needs became more complicated. Access control decision policy became much more dependent on the attributes of subjects (users) and objects (resources). It was then found that RBAC is inadequate for the contextual attributes required to allow access to a user. Briefly, RBAC leads to the role-permission explosion problem [14]. It is also deficient in environments where a very large number of objects exist, even for a bulk of users and the huge data of a bigger organization [5]. In the current environment, access control mechanisms are being developed in the direction of fine granularity and system hierarchy, and authorizations are implemented based on the attributes of the subject and object [10]. The ABAC concept is based on attributes held by users and resources and on the environment conditions and rules under which access is granted or denied [15]. ABAC uses dynamically changing attributes to make decisions. But attributes are meaningless until they are associated with a subject, object or relation [24]. Both Role Based and Attribute Based Access Controls