Database Authorization Conclusion

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 2

Database Authorization

Conclusion
Authorization mechanism which permits the users of a shared database to maintain the quality of the private data, and which permits them to share a set of privileges on their data with a selected group of other users, or with all users. Subsets of a users data, derived data and other types of data may be shared by defining a view and sharing that view. Privileges on an object, once granted, may be withdrawn .The researcher also conclude that semantics of revocation within a shared database and it have presented a recursive algorithm which effects those semantics. Upon revocation of a privilege from a user, the algorithm revokes his grants of that privilege which were made before his oldest remaining receipt of the privilege. Consequently, privileges legitimately obtained from other sources, and his grants of those privileges, are retained; privileges obtained circularly via a collusion of users are revoked. Examples of the techniques described are presented within the context of System R, a relational database system now under development. Moreover, we feel that these techniques are applicable to any database management system which performs authorization dynamically.

Authorization should not form the basis for an authorization system. Difficulties are encountered in handling dynamic states of authorization in the system will outweigh the efficiency of the authorization mechanism. Even if an authorization matrix contained global information over data at dispersed nodes that a user may have to access to, the posting of updates would be complicated by the fact that changes over the entire distributed system may have to be taken into account. It is more better that the view mechanism together with the Grant and Revoke scheme offered a more flexibility in the general application of authorization control. Control of the implementation of a given authorization mechanism, in a distributed database system, can be centralized or decentralized. In centralized control the system database contains all the information and data required for the authorization mechanism. Access to the database and authorization matrix is restricted to the DBA and other officials. In decentralized authorization control an individual or group of individuals are designated as the authorizers for one particular site in the network. When the database has been physically

distributed it may be desirable to distribute the authorization related information. Furthermore, the implementation of an authorization mechanism should be accomplished by using system catalogs which have predefined names are created for each database. The issues and problems related to the security of database are certainly not new. Considerable progress has been achieved in the area of authorization and control. However, with the advent of distributed database systems renewed interest exists in both evaluating the applicability if the existing authorization mechanisms as well.

You might also like