Databases Reference
In-Depth Information
which can refer to either the user or the processes run by the user, must
have the appropriate privilege to access an object (e.g., a data table or
view). This type of access control is referred to as discretionary because
appropriately authorized users can grant other users access privileges at
their discretion. For example, the owner of a database table may grant
another user permission to select data from that table.
In most relational database systems, discretionary controls are imple-
mented by means of SQL, which is the standard query language for rela-
tional systems. Under SQL, users can be granted various privileges to
access tables and other objects. The implementation of discretionary con-
trols vary according to the vendor-specific extensions of SQL and the
degree of granularity enforced.
In a relational database, views can support the enforcement of discre-
tionary controls. Views are virtual tables consisting of a subset, union, or
join of the columns of one or more tables. Data managers can provide users
with access to relevant subsets of data, in the form of views, while restrict-
ing them from direct access to complete database tables. Data access priv-
ileges can also be stored in data dictionary views, providing an effective
method of managing these privileges.
Although discretionary controls are sufficient for many applications, they
do not always provide necessary security. For example, the management of
privileges may be difficult, as illustrated by the following scenario. User A
grants user B access to table, with the intention that no other users be
granted such access; however, user B may promulgate access privileges to
user C, thereby defeating user A's intention to limit access to the table. With
discretionary controls, this problem can be avoided only through painstak-
ing management of privileges. Newer relational database products that
implement mandatory access controls can virtually eliminate the problem.
All relational database systems offer some audit capabilities, but the
audit capabilities of most products are incomplete and the tools for analyz-
ing audit data are insufficient. In addition, audit facilities are often unused
because of concerns that these facilities may degrade overall system perfor-
mance. As discussed in the next section, new database products are being
developed that provide more comprehensive and efficient audit features.
To be effective, both discretionary access and audit controls require that
a system properly identify users. Typically, users identify themselves to a
database system by entering a user ID, and they authenticate themselves by
entering a password. (The management system typically stores the pass-
word in encrypted format in the database.) Although these measures can
provide an effective level of security, their use is burdensome for users, who
must remember passwords for at least one operating system and database
system. This problem may be compounded in distributed environments.
Search WWH ::
Custom Search