Database Reference
In-Depth Information
• Monitoring the relational database performance
• Managing the backup and recovery procedures of the rela-
tional database
The types of DAC privileges are described as follows:
• The account privilege: Each user holds privileges that are
independent of the relations in the database. For example,
the DBA grants/revokes privileges to a user to CREATE
TABLE, CREATE VIEW, DROP, and ALTER.
• The relation privilege: The DBA can specify the privilege to
modify each individual relation in the relational database.
For example, the DBA grants/revokes privileges to a user to
SELECT/MODIFY/REFERENCE privilege on specific
relation R. Discretionary access controls can be granted to
many objects in the relational database system, such as the
database, group of relations, one relation, set of the attributes
of one relation, and group of tuples of one relation.
Making a discretionary access controls decision based on the
content of data is called data dependent access control [10,11]. For
example, some users cannot see salaries that are over than $100,000.
The two approaches for implementing access controls in the relational
databases are described as follows:
• View-based access control: A relation is the physical loca-
tion in the relational database that stores the data in the
relational database. A view is the logical set of the stored
query on the data. Unlike the physical table in the relational
database, a view is a logical table computed from data in the
relational database dynamically when access to that view is
requested.
• Query modification: A query that is written by a user is
altered to include the limitation determined by the user's
privileges. For example, the DBA grants user A to select only
the employees that are in the material department from the
relation of employees by the following grant statement:
GRANT SELECT ON Employees TO A
WHERE Department = 'material'
Search WWH ::
Custom Search