Database Reference
In-Depth Information
may be granted access privileges to database objects at various levels of detail.
Another dimension of access control refers to the modes or types of access granted
to a single user or to a category of users. How do you grant access privileges to a
single user or user category? This leads to the two basic approaches to access
control.
As noted above, the DBMS provides two basic approaches to access control: dis-
cretionary control and mandatory control. Discretionary access control refers to the
granting of privileges or rights to individual users. Although discretionary access
control is fairly effective, it is possible for an unauthorized user to gain privileges
through an unsuspecting authorized user. Mandatory access control is more effec-
tive in overcoming the defects of discretionary access control.
We will first discuss how data access control pertains to levels of database objects
and access types or modes. Data levels and access types form a grid, and access pri-
vileges may be granted at the intersections of data levels and access types. Our dis-
cussion will continue on the mechanisms for granting access privileges under the
discretionary or mandatory access control approaches. In this section, you will also
study the two important topics of authentication and authorization of users.
Levels and Types of Data Access
Let us grasp the significance of data levels for the purpose of granting access pri-
vileges. Consider the following database relation containing data about a worker in
a construction company:
WORKER (WorkerId, Name, Address, City, State, Zip, SuperId, WageRate)
Examine the following list of possible ways of granting of access privileges to a
specific user:
•
User has unlimited access privileges to the entire WORKER relation.
•
User has no access privileges of any kind to any part of the WORKER
relation.
•
User may only read any part of WORKER relation but cannot make any
changes at all.
•
User may read only his or her row in the relation but cannot change any
columns in that row.
•
User may read only his or her row in the relation but can change only the Name
and Address columns.
•
User may read only the WorkerId, Name, Address, and SuperId columns of any
record but can change only the Name and Address columns.
•
User may read only the WorkerId and WageRate columns of any record but
can modify the WageRate column only if the value is less than 5.00.
•
User may read all columns of any record but can modify the WageRate only if
the SuperId column value is the value of WorkerId of that user.
The above list is in no way exhaustive. Yet you can readily observe that a general
method of security enforcement must possess a great range and flexibility. A flexi-
Search WWH ::
Custom Search