Database Authorization

Analysis and Findings

Database security presents a multitude of problems for those responsible for safeguarding the actual physical contents of the database, the software needed to run the database management system, application programs that interact with the database contents, and the actual hardware on which the DBMS and related software operate. The physical security of the DBMS hardware, general computer system facility operational problems, operating system security, and the issuance of a general policy statement for defining the rules and represent just a few of the security issues that must be addressed before, during and after the implementation of a database management system. The organization must define the terms of security signifies and implies to its particular operation. Authorization may only imply the enforcement of privacy regulations, or the non-disclosure of sensitive information, or perhaps the maintenance and assurance of both the integrity and reliability of the data stores within the confines of the physical database. The range and scope the different users of the database must be expressed in terms of the criticality of the data with respect to the organizations overall operation. Database authorization has different features, it utilizes a table in which the rows identify authorized users and the columns correspond to the data objects that are controlled; it restrict the scope and values that can be seen by a user through the use of an access predicate which implements the specification of privileges over objects; and its application is the most prevalent among military installations where huge amount of information is handled and processed constantly. You restrict the values for these characteristics. The authorizations can include any authorization-relevant characteristics, and treat single values, intervals and hierarchy authorizations in the same way. Navigation attributes can also be flagged as authorizationrelevant in the attribute maintenance for characteristics and can be added to authorizations as separate characteristics. You can then assign this authorization to one or more users. All characteristics flagged as authorization-relevant are checked when a query is executed. A

query always selects a set of data from the database. If authorization-relevant characteristics are part of this data, you have to make sure that the user who is executing the query has sufficient authorization for the complete selection. Otherwise, an error message is displayed indicating that the authorization is not sufficient. In principle, the authorizations do not work as filters. Very restricted exceptions to this rule are hierarchies in the drilldown and variables that are filled depending on authorizations. Hierarchies are mostly restricted to the authorized nodes, and variables that are filled depending on authorizations act like filters for the authorized values for the particular characteristic.