Operations on the data shared in a business corporate network
need to be satisfactorily controlled. To fulfill this
requirement, we employ distributed role-based access control.
In a corporate network, users who access data on a certain peer
may come from different participating organizations. However, the
system administrator of each participating organization reserves the
right to manage users' access to that organization's own shared data.
Distributed Access Control is a component that allows administrators
of peers to manage access to their shared databases. When
a peer exports a data table, the peer administrator needs
to specify which roles can access the table. Basically, there are
two types of roles: the standard role and the restricted role, which are
predefined by the service provider and are loaded onto the peer
when it joins the system. If a table is published with the standard role, all users can
access its content. However, if the table is published with the
restricted role, only a limited set of users can access the table
content. Additionally, BestPeer supports
multi-granularity access control on data tables. Access
privileges on a data table can be defined at row level and column
level.
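
The publication rules above, modeled as an added example (not BestPeer code): a peer exports tables with per-role grants, reads are denied by default, and each grant carries a column set and a row predicate. The `Grant`, `ExportedTable` and `Peer` classes, the policy layout, the rule that grants from several held roles combine, and the sample tables are all assumptions made for illustration.

```python
# Added illustration, not BestPeer code; the policy layout and names are assumed.
from dataclasses import dataclass, field
from typing import Callable

STANDARD, RESTRICTED = "standard", "restricted"  # the two predefined role types

@dataclass
class Grant:
    columns: frozenset                                     # column-level privilege
    row_filter: Callable[[dict], bool] = lambda row: True  # row-level privilege

@dataclass
class ExportedTable:
    rows: list
    grants: dict  # role -> Grant, chosen by the exporting peer's administrator

@dataclass
class Peer:
    restricted_users: set = field(default_factory=set)
    tables: dict = field(default_factory=dict)

    def roles_of(self, user):  # every user holds the standard role
        return {STANDARD} | ({RESTRICTED} if user in self.restricted_users else set())

    def read(self, user, table_name):
        table = self.tables[table_name]
        held = [table.grants[r] for r in self.roles_of(user) if r in table.grants]
        if not held:  # default deny: table not published to any role the user holds
            raise PermissionError(f"{user} may not read {table_name}")
        result = []
        for row in table.rows:
            visible = set()
            for grant in held:
                if grant.row_filter(row):
                    visible |= grant.columns  # assumed: grants of held roles combine
            if visible:
                result.append({c: v for c, v in row.items() if c in visible})
        return result

def demo_peer():
    # Constructed sample data: two tables exported by one peer.
    orders = ExportedTable(
        rows=[{"id": 1, "region": "EU", "item": "bolt", "price": 4},
              {"id": 2, "region": "US", "item": "nut", "price": 3}],
        grants={STANDARD: Grant(frozenset({"id", "item"})),
                RESTRICTED: Grant(frozenset({"id", "item", "price"}),
                                  lambda r: r["region"] == "EU")})
    audit = ExportedTable(rows=[{"id": 1, "note": "ok"}],
                          grants={RESTRICTED: Grant(frozenset({"id", "note"}))})
    return Peer(restricted_users={"alice"}, tables={"orders": orders, "audit": audit})
```

In this model a standard-role user reading `orders` sees only `id` and `item`, a restricted-role user additionally sees `price` on rows that pass the row filter, and a table published only with the restricted role raises `PermissionError` for everyone else.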