of users; roles, that is, named collections of privileges needed to perform specific activities within the system; and processes, which execute programs on behalf of users. These categories are not mutually exclusive. For instance, a model can support roles and groups, or users and processes.
Often, both roles and groups are hierarchically organized. The hierarchy imposed on groups usually reflects the membership of a group in another group. By contrast, the role hierarchy usually reflects the relative position of roles within an organization. The higher the level of a role is in the hierarchy, the higher its position is in the organization.
Processes need system resources to carry on their activities. Generally, processes refer to memory addresses, use the CPU, call other programs, and operate on data. All those resources must be protected from unauthorized accesses. Usually, a process is granted access only to essential resources, that is, resources necessary to the completion of the process's tasks. That limits the possible damage deriving from faults in the protection mechanism.
As far as users are concerned, sometimes it would be useful to specify access policies based on user qualifications and characteristics, rather than user identity (e.g., a user is given access to an R-rated video only if he or she is older than 18). This is the case, for instance, in digital library environments. In access control models supporting those possibilities [2, 3], users must provide information, typically about themselves, that allows the access control mechanism to decide whether the access must be authorized or not.
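The qualification-based decision described above, as an added example that is not part of the original text: policies are keyed on the object and privilege and carry a predicate over the attributes the requester presents, so no user identity appears in the policy. The policy set, the `Credential` and `AttributePolicy` names, and the attribute values are constructed for this illustration. An attribute the requester did not supply never satisfies a condition, so an incomplete credential falls through to the default deny.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed model (not from the text): a predicate over presented attributes.
Predicate = Callable[[Dict[str, object]], bool]


@dataclass
class AttributePolicy:
    """Access rule stated in terms of requester qualifications, not identity."""
    obj: str
    privilege: str
    condition: Predicate
    description: str = ""


@dataclass
class Credential:
    """Information a user presents about himself or herself (constructed sample)."""
    attributes: Dict[str, object] = field(default_factory=dict)


def decide(policies: List[AttributePolicy], credential: Credential,
           obj: str, privilege: str) -> bool:
    """Authorize when at least one policy for (obj, privilege) is satisfied by
    the presented attributes; otherwise deny by default."""
    for policy in policies:
        if policy.obj != obj or policy.privilege != privilege:
            continue
        try:
            if policy.condition(credential.attributes):
                return True
        except KeyError:
            # Required attribute was not presented: this policy is not met.
            continue
    return False


# Constructed policy set illustrating the R-rated video and library cases.
POLICIES = [
    AttributePolicy("r_rated_video", "view",
                    lambda a: a["age"] >= 18,
                    "R-rated content requires age 18 or over"),
    AttributePolicy("digital_library", "read",
                    lambda a: a["affiliation"] == "university",
                    "library reading for university-affiliated users"),
]


if __name__ == "__main__":
    print(decide(POLICIES, Credential({"age": 20}), "r_rated_video", "view"))
    print(decide(POLICIES, Credential({"age": 17}), "r_rated_video", "view"))
    print(decide(POLICIES, Credential({"name": "alice"}), "r_rated_video", "view"))
```

The `KeyError` branch is the part worth noting: a requester who withholds the attribute a policy depends on must not be treated as satisfying it, which is why the failure of the predicate is mapped to "not satisfied" rather than propagated as an error or, worse, skipped in a way that grants access.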
Authorization privileges state the types of operations a subject can exercise on the objects in the system. The set of privileges depends on the resources to be protected. For instance, read, write, and execute privileges are typical of an operating system environment, whereas in a relational DBMS typical privileges are select, insert, update, and delete. Moreover, new environments, such as the digital library environment, are characterized by new access modes, such as usage or copying access rights.
Often, privileges are hierarchically organized, and the hierarchy represents a subsumption relation among privileges. Privileges toward the bottom of the hierarchy are subsumed by privileges toward the top (for instance, the write privilege is at a higher level in the hierarchy with respect to the read privilege, because write subsumes read operations).
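The three hierarchies discussed above (roles ordered by organizational position, groups ordered by membership, and privileges ordered by subsumption) combined into one authorization check, as an added example that is not part of the original text. The role names, group names, users and grants are constructed for this illustration; the only relation taken from the text is that write subsumes read. A senior role inherits the authorizations of the roles below it, a user in a group is also a member of every group that group belongs to, and a held privilege satisfies a request for any privilege it subsumes.

```python
from typing import Dict, Set, Tuple

# Constructed sample data (not from the text).
# Role hierarchy: role -> roles directly below it; a senior role inherits
# everything granted to its juniors.
ROLE_JUNIORS: Dict[str, Set[str]] = {
    "manager": {"analyst"},
    "analyst": {"employee"},
    "employee": set(),
}

# Group hierarchy: group -> groups it is a member of.
GROUP_PARENTS: Dict[str, Set[str]] = {
    "finance": {"staff"},
    "staff": set(),
}

# Privilege hierarchy: privilege -> privileges it subsumes (write subsumes read).
PRIVILEGE_SUBSUMES: Dict[str, Set[str]] = {
    "write": {"read"},
    "read": set(),
    "execute": set(),
}

# Direct assignments of users to roles and groups (constructed).
USER_ROLES: Dict[str, Set[str]] = {"alice": {"manager"}, "bob": {"employee"}}
USER_GROUPS: Dict[str, Set[str]] = {"alice": set(), "bob": {"finance"}}

# Authorizations: (subject, object) -> privileges held. Subjects may be
# users, roles or groups, as in a model supporting all three.
GRANTS: Dict[Tuple[str, str], Set[str]] = {
    ("analyst", "reports"): {"write"},
    ("employee", "handbook"): {"read"},
    ("staff", "ledger"): {"read"},
}


def closure(start: Set[str], edges: Dict[str, Set[str]]) -> Set[str]:
    """Reflexive-transitive closure over a hierarchy map; safe on cycles."""
    seen: Set[str] = set()
    stack = list(start)
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        stack.extend(edges.get(node, set()))
    return seen


def effective_subjects(user: str) -> Set[str]:
    """The user, every role held (plus all junior roles), and every group
    joined (plus the groups those groups are members of)."""
    roles = closure(USER_ROLES.get(user, set()), ROLE_JUNIORS)
    groups = closure(USER_GROUPS.get(user, set()), GROUP_PARENTS)
    return {user} | roles | groups


def is_authorized(user: str, obj: str, privilege: str) -> bool:
    """Grant when some effective subject holds, on obj, the requested
    privilege or one that subsumes it; deny otherwise."""
    for subject in effective_subjects(user):
        for held in GRANTS.get((subject, obj), set()):
            if privilege in closure({held}, PRIVILEGE_SUBSUMES):
                return True
    return False


if __name__ == "__main__":
    print(sorted(effective_subjects("alice")))
    print(is_authorized("alice", "reports", "read"))   # via analyst, write subsumes read
    print(is_authorized("bob", "ledger", "write"))     # read does not subsume write
```

Note that the two hierarchies are walked in opposite directions: role inheritance flows downward (a manager gains what an analyst has), whereas group membership flows upward (a finance member is also in staff), which is why `ROLE_JUNIORS` and `GROUP_PARENTS` are stored with different edge orientations even though the same closure routine serves both.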
11.2.2 Access Control Policies
Access control policies give the criteria to decide whether an access request can be authorized or should be denied. A basic distinction is between discretionary and mandatory access control policies.