Databases Reference
In-Depth Information
Table 11.1 (continued)
Approach
Objects
Subjects
Types
Administration Policies
Revoke
Kelter
Class instances
Users, groups
Positive/negative,
implicit
Owner administration
Not defined
Orion
DB, classes, class
instances, sets of class
instances, object
components*
Roles
Positive/negative,
strong/weak, implicit
DBA administration
SeaView
DB, tables
Users, groups
Positive/negative,
implicit
Delegation
Noncascading
Starbust
Tables, rules
Users, groups
Positive, implicit
Owner administration
Not defined
Tables, attributes, views
System R
Users
Positive, content-based
Owner administration,
delegation
Recursive
Tables, attributes, views
Wilms
Users, groups
Positive, content-based
Owner administration,
delegation
Recursive
*Object components can be attributes, methods, or values.
Views are used to support content-based access control.
More precisely, [21] provides the notion of subject class, to model subjects with the same authorization requirements.
§
The model also supports a set of DBAs that hold privileges on each function in the system.
