Improving security in NoSQL document databases through model-driven modernization
Knowledge and Information Systems (IF 2.7), Pub Date: 2021-07-13, DOI: 10.1007/s10115-021-01589-x
Alejandro Maté 1 , Jesús Peral 1 , Juan Trujillo 1 , Carlos Blanco 2 , Diego García-Saiz 2 , Eduardo Fernández-Medina 3

NoSQL technologies have become a common component in many information systems and software applications. These technologies are focused on performance, enabling scalable processing of large volumes of structured and unstructured data. Unfortunately, most developments built on NoSQL technologies treat security as an afterthought, putting the personal data of individuals at risk and potentially causing severe economic losses as well as reputation crises. To avoid these situations, companies require an approach that introduces security mechanisms into their systems without scrapping already in-place solutions and restarting the design process from scratch. Therefore, in this paper we propose the first modernization approach for introducing security in NoSQL databases, focusing on access control and thereby improving the security of their associated information systems and applications. Our approach analyzes the existing NoSQL solution of the organization, using a domain ontology to detect sensitive information and creating a conceptual model of the database. Together with this model, a series of security issues related to access control are listed, allowing database designers to identify the security mechanisms that must be incorporated into their existing solution. For each security issue, our approach automatically generates a proposed solution, consisting of a combination of privilege modifications, new roles and views to improve access control. To test our approach, we apply our process to a medical database implemented using the popular document-oriented NoSQL database, MongoDB.
The main advantages of our approach are that: (1) it takes into account the context of the system thanks to the introduction of domain ontologies, (2) it helps to avoid missing critical access control issues since the analysis is performed automatically, (3) it reduces the effort and costs of the modernization process thanks to the automated steps in the process, (4) it can be used successfully with different NoSQL document-based technologies by adjusting the metamodel, and (5) it is aligned with known standards, hence allowing the application of guidelines and best practices.




Updated: 2021-07-13