ble security system in a DBMS must be able to grant privileges at the following data
levels:
The whole database
Individual relation; all rows and all columns
All rows but only specific columns of a relation
All columns but only specific rows of a relation
Specific rows and specific columns of a relation
Now let us move on to the consideration of modes or types of data access. You
are familiar with access types or modes of create, read, update, and delete
(sometimes indicated by the acronym CRUD). Let us expand the list of access types to
include all types:
Insert or Create. Add data to a file without destroying any data.
Read. User may read and copy data from the database into the user's environment through an application program or a database query.
Update. Write updated values.
Delete. Delete and destroy specific data objects.
Move. Move data objects without the privilege of reading the contents.
Execute. Run a program or procedure with implied privileges needed for the execution.
Verify Existence. Verify whether a specific database object exists in the database.
You have noted the various access types and also the levels of data eligibility
based on which access privileges may be granted. What is your observation from
this discussion? What are the implications? You can easily realize the immense
flexibility needed for giving access privileges. Although numerous variations are
possible, most commonly access privileges are granted to single relations in the
CRUD modes.
Discretionary Control
As mentioned above, in this approach, individual users are granted privileges or
rights to access specific data items in one or more designated modes. On the basis
of the specification of privileges, a user is given the discretion to access a data item
in the read, update, insert, or delete modes. A user who created a database object
automatically derives all privileges to access the object including the passing on of
privileges to other users with regard to that object.
While discussing SQL data control examples in Chapter 13, we introduced the
SQL commands for granting and revoking access privileges. This is how SQL
supports discretionary access control. Now we will explore the fundamental concepts
of discretionary access control and go over a few more examples.
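The five data levels listed earlier and the grant/revoke model of discretionary control, shown as an added example that is not from the original text. It assumes PostgreSQL syntax; the employee relation, the two views and all role names are constructed for illustration.

```sql
-- PostgreSQL syntax. Relation, views and role names are constructed for illustration.
CREATE TABLE employee (
    emp_id  integer PRIMARY KEY,
    name    text NOT NULL,
    dept    text NOT NULL,
    salary  numeric(10,2) NOT NULL
);
CREATE ROLE reporting;      -- read access across the database
CREATE ROLE hr_clerk;       -- maintains one relation
CREATE ROLE directory_app;  -- must not see salary
CREATE ROLE sales_manager;  -- Sales rows only
CREATE ROLE sales_auditor;  -- Sales rows, non-sensitive columns only

-- Level 1, whole database: PostgreSQL has no single data-access grant for a
-- database, so this covers every relation that exists in the schema right now.
GRANT SELECT ON ALL TABLES IN SCHEMA public TO reporting;

-- Level 2, individual relation, all rows and all columns, in the CRUD modes.
GRANT SELECT, INSERT, UPDATE, DELETE ON employee TO hr_clerk;

-- Level 3, all rows but only specific columns: column-level privilege.
GRANT SELECT (emp_id, name, dept) ON employee TO directory_app;

-- Level 4, all columns but only specific rows: grant on a view, not the base table.
CREATE VIEW sales_employee AS
    SELECT emp_id, name, dept, salary FROM employee WHERE dept = 'Sales';
GRANT SELECT ON sales_employee TO sales_manager;

-- Level 5, specific rows and specific columns: a narrower view.
CREATE VIEW sales_roster AS
    SELECT emp_id, name FROM employee WHERE dept = 'Sales';
GRANT SELECT ON sales_roster TO sales_auditor;

-- Discretionary control: the owner lets a grantee pass the privilege on.
GRANT SELECT ON sales_roster TO sales_manager WITH GRANT OPTION;

-- Revoking it must also remove any grants sales_manager made to others;
-- without CASCADE the REVOKE fails when such dependent grants exist.
REVOKE SELECT ON sales_roster FROM sales_manager CASCADE;

-- Audit effective privileges rather than trusting the script: column access
-- for directory_app, and base-table access for the view-only sales_auditor.
SELECT has_column_privilege('directory_app', 'employee', 'name',   'SELECT'),
       has_column_privilege('directory_app', 'employee', 'salary', 'SELECT'),
       has_table_privilege('sales_auditor',  'employee', 'SELECT');
```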