Database Reference
In-Depth Information
Miller gives Goldstein privileges for inserting and deleting rows in both tables,
allowing permission to propagate these privileges:
GRANT INSERT, DELETE ON DEPARTMENT, EMPLOYEE TO Goldstein
WITH GRANT OPTION;
Goldstein passes on the privileges for inserting and deleting rows in the
DEPARTMENT table to Rogers:
GRANT INSERT, DELETE ON DEPARTMENT TO Rogers;
Miller gives Williams the privilege to update only the salary and position
columns in the EMPLOYEE table:
GRANT UPDATE ON EMPLOYEE (Salary, EmployeePosition) TO Williams
DBA gives Shady privilege to create tables:
GRANT CREATETAB TO Shady;
Shady creates table MYTABLE and gives Miller privilege to insert rows into
MYTABLE:
GRANT INSERT ON MYTABLE TO Miller;
Mandatory Control
Discretionary access control provides fairly adequate protection. This has been
the traditional approach in relational databases. A user either has certain access
privileges or he or she does not. The discretionary access control method does
not support variations based on the sensitivity of parts of the database. Although
the method is sufficient in most database environments, it is not bulletproof. An
ingenious professional can drill holes into the protection mechanism and gain
unauthorized access.
Note the actions of user Shady indicated in the last few statements of the previ-
ous subsection. Shady has created a private table MYTABLE of which he is the
owner. He has all privileges on this table. All he has to do is somehow get sensitive
data into MYTABLE. Being a clever professional, Shady may temporarily alter one
of Miller's programs to take data from the EMPLOYEE data and move the data
into MYTABLE. For this purpose, Shady has already given privileges to Miller for
inserting rows into the MYTABLE table. This scenario appears as too unlikely and
contrived. Nevertheless, it makes the statement that discretionary access control has
its limitations.
Mandatory access control overcomes the shortcomings of discretionary access
control. In the mandatory access control approach, access privileges cannot be
granted or passed on by one user to another in an uncontrolled manner. A well-
defined security policy dictates which classes of data may be accessed by users at
which clearance levels. The most popular method is known as the Bell-LaPadula
model. Many of the commercial relational DBMSs do not currently provide for
mandatory access control. However, government agencies, defense departments,
financial institutions, and intelligence agencies do require security mechanisms
based on the mandatory control technique.
Search WWH ::
Custom Search