[Figure 11.3: Extensions to the System R authorization model. Diagram labels: groups; System R*; noncasc. rev.; neg. auth.; strong/weak authorizations; roles; periodic auth.; der. rules; views. References shown in the figure: [8], [9], [10], [11], [12], [13], [14].]

Conflicts between positive and negative authorizations are resolved according to the denials-take-precedence policy. Thus, whenever a subject has both a positive and a negative authorization on the same object for the same privilege, it is prevented from accessing the object.

Negative authorizations are also supported by the SeaView model [11], by means of a special privilege denoted as null. A subject having the null privilege on a table cannot exercise any access on the table. Thus, it is not possible to selectively deny a subject access to a table. For instance, it is not possible to specify that a subject is authorized to read a table and, at the same time, is denied write access to that table.
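
An added example (not from the original text) contrasting the two semantics above: per-privilege negative authorizations resolved by denials-take-precedence, and a SeaView-style null privilege that blocks the whole table. The `Auth` record, the function names, the default-deny behaviour when no authorization exists, and the sample authorizations are assumptions made for illustration.

```python
from dataclasses import dataclass

NULL = "null"  # SeaView-style special privilege: blocks all access to the table


@dataclass(frozen=True)
class Auth:
    subject: str
    table: str
    privilege: str
    positive: bool = True  # False marks a negative authorization (a denial)


def check_denials_take_precedence(auths, subject, table, privilege):
    """Per-privilege denials: a matching negative authorization always wins."""
    matching = [a for a in auths
                if (a.subject, a.table, a.privilege) == (subject, table, privilege)]
    if any(not a.positive for a in matching):
        return False
    # Assumption: default deny when no positive authorization exists.
    return any(a.positive for a in matching)


def check_seaview_null(auths, subject, table, privilege):
    """Null privilege: one null entry removes every access to the table."""
    on_table = [a for a in auths if (a.subject, a.table) == (subject, table)]
    if any(a.privilege == NULL for a in on_table):
        return False
    return any(a.privilege == privilege for a in on_table)


# Constructed sample: alice may read Employee but must not update it.
WITH_NEGATIVE_AUTH = [
    Auth("alice", "Employee", "select"),
    Auth("alice", "Employee", "update"),
    Auth("alice", "Employee", "update", positive=False),
]
# The closest a null privilege can get: the denial covers the whole table.
WITH_NULL = [
    Auth("alice", "Employee", "select"),
    Auth("alice", "Employee", "update"),
    Auth("alice", "Employee", NULL),
]

if __name__ == "__main__":
    for priv in ("select", "update"):
        print(priv,
              check_denials_take_precedence(WITH_NEGATIVE_AUTH, "alice", "Employee", priv),
              check_seaview_null(WITH_NULL, "alice", "Employee", priv))
```

With negative authorizations the read survives while the update is blocked; with the null privilege both are lost, which is the limitation the paragraph describes.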

In [12], a more flexible approach to authorization conflicts is proposed, in which negative authorizations do not always override positive ones. The model in [12] is based on the concept of strong and weak authorizations. Authorization subjects can be either single users or groups. Authorizations given to members of a group prevail over the authorizations given to the group. Conflicts among contrasting authorizations such that neither one of them overrides the other are resolved in different ways according to the type (i.e., strong versus weak) of the authorizations. Conflicts between a weak and a strong authorization are always resolved in favor of the strong authorization. Conflicts between strong authorizations are resolved according to the no-conflicts policy. By contrast,
 