Article

Free access

An authorization mechanism for a relational data base system

Authors:

P. P. Griffiths,

B. W. WadeAuthors Info & Claims

SIGMOD '76: Proceedings of the 1976 ACM SIGMOD international conference on Management of data

Page 51

https://doi.org/10.1145/509383.509393

Published: 02 June 1976 Publication History

PDF eReader

Abstract

A multi-user data base system must permit users to selectively share data, while retaining the ability to restrict data access. There must be a mechanism to provide protection and security, permitting information to be accessed only by properly authorized users. Further, when tables or restricted views of tables are created and destroyed dynamically, the granting, authentication, and revocation of authorization to use them must also be dynamic. We discuss each of these issues and their solutions in the context of the relational data base management system, System R.When a data base user creates a table, he is fully and solely authorized to perform actions upon it such as read, insert, update, and delete. If he wishes, he may explicitly grant to any other user any or all of his privileges on the table. In addition, he may specify that that user is authorized to further grant these privileges to other users. The result is a directed graph of granted privileges originating from the table creator.At some later time, a user A may revoke some or all of the privileges which he previously granted to another user B. This action usually revokes the entire subgraph of the grants originating from A's grant to B. It may be, however, that B will still possess the revoked privileges by means of a grant from another user C, and therefore some or all of B's grants should not be revoked. We discuss this problem in detail and present an algorithm for detecting exactly which of B'S grants should be revoked.Because revocation may be performed dynamically, a user's authorization for a table must be checked dynamically. We present a scheme which attempts to minimize the cost of such revalidation.

Cited By

View all

ASTRAHAN MBLASGEN MCHAMBERLIN DESWARAN KGRAY JGRIFFITHS PKING WLORIE RMcJONES PMEHL JPUTZOLU GTRAIGER IWADE BWATSON V(1989)System R: Relational Approach to Database ManagementReadings in Artificial Intelligence and Databases10.1016/B978-0-934613-53-8.50042-X(560-582)Online publication date: 1989
https://doi.org/10.1016/B978-0-934613-53-8.50042-X
Schreiber FMartella G(1979)Creating a conceptual model of a data dictionary for distributed data basesACM SIGMIS Database: the DATABASE for Advances in Information Systems10.1145/1017612.101761411:1(12-18)Online publication date: 1-Jul-1979
https://dl.acm.org/doi/10.1145/1017612.1017614
Mohan C(1978)An overview of recent data base researchACM SIGMIS Database: the DATABASE for Advances in Information Systems10.1145/2579474.257947610:2(3-24)Online publication date: 1-Sep-1978
https://dl.acm.org/doi/10.1145/2579474.2579476
Show More Cited By

Recommendations

An authorization mechanism for a relational database system

A multiuser database system must selectively permit users to share data, while retaining the ability to restrict data access. There must be a mechanism to provide protection and security, permitting information to be accessed only by properly authorized ...
A flexible authorization mechanism for relational data management systems

In this article, we present an authorization model that can be used to express a number of discretionary access control policies for relational data management systems. The model permits both positive and negative authorizations and supports exceptions ...
Formal authorisation allocation approaches for permission-role assignments using relational algebra operations
ADC '03: Proceedings of the 14th Australasian database conference - Volume 17

In this paper, we develop formal authorization allocation algorithms for permission-role assignments. The formal approaches are based on relational structure, relational algebra and operations. The process of permission-role assignments is an important ...

Comments

Information & Contributors

Information

Published In

SIGMOD '76: Proceedings of the 1976 ACM SIGMOD international conference on Management of data

June 1976

145 pages

ISBN:9781450347297

DOI:10.1145/509383

Conference Chair:
J. B. Fry
University of Michigan
,
General Chair:
E. H. Sibley
University of Maryland
,
Program Chair:
J. B. Rothnie
DOD Computer Institute

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 June 1976

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Acceptance Rates

Overall Acceptance Rate 785 of 4,003 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
217
Total Downloads

Downloads (Last 12 months)32
Downloads (Last 6 weeks)15

Reflects downloads up to 13 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

ASTRAHAN MBLASGEN MCHAMBERLIN DESWARAN KGRAY JGRIFFITHS PKING WLORIE RMcJONES PMEHL JPUTZOLU GTRAIGER IWADE BWATSON V(1989)System R: Relational Approach to Database ManagementReadings in Artificial Intelligence and Databases10.1016/B978-0-934613-53-8.50042-X(560-582)Online publication date: 1989
https://doi.org/10.1016/B978-0-934613-53-8.50042-X
Schreiber FMartella G(1979)Creating a conceptual model of a data dictionary for distributed data basesACM SIGMIS Database: the DATABASE for Advances in Information Systems10.1145/1017612.101761411:1(12-18)Online publication date: 1-Jul-1979
https://dl.acm.org/doi/10.1145/1017612.1017614
Mohan C(1978)An overview of recent data base researchACM SIGMIS Database: the DATABASE for Advances in Information Systems10.1145/2579474.257947610:2(3-24)Online publication date: 1-Sep-1978
https://dl.acm.org/doi/10.1145/2579474.2579476
Astrahan MBlasgen MChamberlin DEswaran KGray JGriffiths PKing WLorie RMcJones PMehl JPutzolu GTraiger IWade BWatson V(1976)System RACM Transactions on Database Systems10.1145/320455.3204571:2(97-137)Online publication date: 1-Jun-1976
https://dl.acm.org/doi/10.1145/320455.320457

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations