A basic model of database access control, Database Management System

A basic model of Database Access Control

Models of database access control have grown out of previous work on protection in operating systems. Let us talk about one simple model with the help of the following example:

Security problem: Consider the relation:

Employee (Empno, Name,Deptno, Address,  Salary, Assessment)

Suppose there are two users: General user and Personnel manager. What access rights may be approved to each user? One extreme possibility is to approve an unconstrained access or to have a limited access.

 

                1543_A basic model of Database Access Control.png

 

One of the mainly influential protection models was developed by Lampson and extended by Denning and Graham.  This model has 3 components:

1)   A set of objects:  Where objects are the entities to which access must be controlled.

2)   A set of subjects:  Where subjects are entities that request access to objects.

3)   A set of all access rules:  Which can be thought of as forming an access (often referred to as authorisation matrix).

Let us make a sample authorisation matrix for the given relation:

Object

 

 

Subject

Empno

Name

Address

Deptno

Salary

Assessment

Personnel

Manager

Read

All

All

All

All

All

General

User

Read

Read

Read

Read

Not accessible

Not accessible

 

As the over matrix shows, General user and Personnel Manager are the two subjects. Objects of database are Empno, Address, Name,  Deptno, Salary and Assessment.  As per the access matrix, Personnel Manager can do any operation on the database of an employee except for updating the Empno that might be self-generated and once given cannot be changed. The general user can only read the data but cannot update, insert or delete the data into the database. Also the information about the salary and assessment of the employee is not accessible to the general user.

In summary, it can be said that the basic access matrix is the representation of basic access rules. These rules may be executed using a view on which several access rights may be given to the users.

 

 

Posted Date: 3/12/2013 5:41:07 AM | Location : United States







Related Discussions:- A basic model of database access control, Assignment Help, Ask Question on A basic model of database access control, Get Answer, Expert's Help, A basic model of database access control Discussions

Write discussion on A basic model of database access control
Your posts are moderated
Related Questions
If one requires to access data using Logical Database , the use of events is unavoidable. Yes, if someone wants to access data using Logical database then the use of events

Information about films holds information about movies, stars and studios. Movies have a title, year of production, length and the film type. Stars have a name and address. Studi

What are axioms? Axioms or rules of inference give a simpler technique for reasoning about

List the string operations supported by SQL? 1) Pattern matching Operation 2) Concatenation 3) Extracting character strings 4) Converting among uppercase and lower cas

We need help in Booking System for Golf Business Development of a web based booking system which permits clients to book golf lessons with the following features- a) 4 user p

Consider an information system designed for an online company which provides IT products and services These include desktops, laptops, networking products, IT books, parts, and

Add generation capabilities and/or tailor the built-in functionality of generator. This enables you to produce "all" the test data for the MySQL tables you produced in the previous

Many-to-many : Entities in A and B are related with any number of entities from each other. Example: Taught_by Relationship among course and faculty. One faculty member ca


Why Like predicate used for? LIKE predicate: The LIKE predicate searches for strings in which have a certain pattern.