An Extended Authorization Model for Relational Databases
نویسندگان
چکیده
We propose two extensions to the authorization model for relational databases defined originally by Griffiths and Wade. The first extension concerns a new type of revoke operation, called noncascading revoke operation. The original model contains a single, cascading revoke operation, meaning that when a privilege is revoked from a user, a recursive revocation takes place that deletes all authorizations granted by this user that do not have other supporting authorizations. The new type of revocation avoids the recursive revocation of authorizations. The second extension concerns negative authorization which permits specification of explicit denial for a user to access an object under a particular mode. We also address the management of views and groups with respect to the proposed extensions.
منابع مشابه
A Security Model for Object-Oriented Databases
The Integration of object-oriented programming concepts with databases IS one of the most significant advances In the evolutlon of database systems and several recent pro}ects are developing object-oriented databases Among the many Issues brought along by this combination, one that IS becoming important ISthe protection of information We develop here an authorization model for objectorlented da...
متن کاملA Model for Evaluation and Administration of Security in Object-Oriented Databases
AbstrucfThe integration of object-oriented programming concepts with databases is one of the most significant advances in the evelution of database systems. Many aspects of such a combination have been studied, but there are few models to provide security for this richly structured information. We develop here an authorization model for object-oriented databases. This model consists of a set of...
متن کاملA Flexible Database Authorization System
In this paper we present an authorization mechanism for a relational database. It allows defining the user privileges exact to a table row. To implement that we used the INSTEAD triggers installed on views. This authorization system is an interesting application of such triggers. The user privileges are organized into parameterized roles that can be instantiated and/or inherited by other roles.
متن کاملUsing Usage Control to Access XML Databases
XML documents usually contain private information that cannot be shared by every user communities. It is widely used in web environment. XML database is becoming increasingly important since it consists of XML documents. Several applications for supporting selective access to data are available over the web. Usage control has been considered as the next generation access control model with dist...
متن کاملAn Access Control Method Based on the Prefix Labeling Scheme for XML Repositories
This paper describes an access control method of the XML repository system, SAXOPHONE, which was implemented at Tokyo Metropolitan University. The main feature of our research is a novel account identifier that is based on the prefix-labeling scheme to realize a hierarchical authorization. SAXOPHONE uses relational databases for XML document storage. Using it, any valid or well-formed XML docum...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IEEE Trans. Knowl. Data Eng.
دوره 9 شماره
صفحات -
تاریخ انتشار 1997