Discretionary access control(database).pptx
854 views
13 slides
Oct 26, 2023
Slide 1 of 13
1
2
3
4
5
6
7
8
9
10
11
12
13
About This Presentation
Discretionary access control based on granting and revoking privileges
Slide Content
Discretionary Access Control Based on Granting and Revoking Privileges The typical method of enforcing discretionary access control in a database system is based on the granting and revoking of privileges in the context of a relational Database. The main idea is to include statements in the query language that allow the DBA and selected users to grant and revoke privileges.
TYPES OF DISCRETIONARY PRIVILLEGES The DBMS must provide selective access to each relation in the database based on specific accounts. Operations may also be controlled; thus, having an account does not necessarily entitle the account holder to all the functionality provided by the DBMS. LEVELS FOR ASSIGNING PRIVILLEGES ACCOUNT LEVEL RELATIONAL LEVEL
ACCOUNT LEVEL: The privileges at the account level apply to the capabilities provided to the account itself and can include the CREATE SCHEMA or CREATE TABLE privilege,CREATE VIEW privilege, ALTER privilege, DROP privilege, MODIFY privilege, SELECT privilege ,to retrieve information from the database by using a SELECT query. If a certain account does not have the CREATE TABLE privilege, no relations can be created from that account. DATABASE ADMINSTRATOR ACCOUNT DATA ANALYST ACCOUNT DATA ENTRY ACCOUNT DAVELOPER ACCOUNT
RELATIONAL LEVEL: the relation level includes base relations and virtual (view) relations. the term relation may refer either to a base relation or to a view Privileges at the relation level specify for each user the individual relations on which each type of command can be applied. Some privileges also refer to individual columns (attributes) of relations. The granting and revoking of privileges generally follow an authorization model for discretionary privileges known as the access matrix model, where Rows of a matrix M represent subjects (users, accounts, programs) . Columns represent objects (relations, records, columns, views, operations). Each position M( i , j) in the matrix represents the types of privileges (read, write, update) that sub- ject i holds on object j. Table X Table Y Table Z View V User A R W - R User B R - U - User C - - R - Subjects Objects
To control the granting and revoking of relation privileges ,each relation R in a database is assigned an owner account. the DBA can assign an owner to a whole schema by creating the schema using the CREATE SCHEMA command. The owner account holder can pass privileges on any of the owned relations to other users by granting privileges to their accounts. In SQL, the following types of privileges can be granted on each individual relation R: SELECT (retrieval or read) privilege on R. Modification privileges on R (UPDATE, DELETE, and INSERT). References privilege on R for specifying integrity constraints.
REVOKING OF PRIVILEGES: In some cases, it is desirable to grant a privilege to a user temporarily. For example, the owner of a relation may want to grant the SELECT privilege to a user for a specific task and then revoke that privilege once the task is completed. Hence, a mechanism for revoking privileges is needed. In SQL, a REVOKE command is included for the purpose of canceling privileges. PROPAGATION OF PRIVILEGES USING THE GRANT OPTION: When the owner A grants a privilege on a relation R to another account B, B can receive the privilege with or without the ability to grant it to others (GRANT OPTION). If B has the GRANT OPTION and grants the privilege to account C, privileges on R can spread without A's knowledge. If A revokes the privilege given to B, all privileges propagated by B should also be automatically revoked. To ensure this, a database management system tracks how privileges were granted, so revoking privileges can be done correctly and completely. This tracking helps maintain control and security over the system.
OWNER A ACCOUNT B ACCOUNT C GRANT P GRANT P The access control mechanism ensures that revoking a privilege from an account effectively revokes any privileges propagated by that account, preventing privileges from being passed on without the knowledge or authorization of the owner of the resource. OWNER A ACCOUNT B ACCOUNT C REVOKE P REVOKE P
An Example to Illustrate Granting and Revoking of Privileges: Suppose that the DBA creates four accounts-A1, A2, A3, and A4-and wants only A1 to be able to create base relations. GRANT command in SQL: GRANT CREATETAB TO A1; Account A1 the capability to create new database tables (base relations) and is hence an account privilege. the same effect can be accomplished by having the DBA issue a CREATESCHEMA command, as follows: CREATE SCHEMA EXAMPLE AUTHORIZATION A1; User account A1 can now create tables under the schema called EXAMPLE.
Suppose that A1 creates the two base relations EMPLOYEE and DEPARTMENT.A1 is then the owner of these two relations and hence has all the relation privileges on each of them. A1 is then the owner of these two relations and hence has all the relation privileges on each of them. GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2; A1 allowing it to grant privileges on the relation to other accounts. However, account A2 cannot grant INSERT and DELETE privileges on the EMPLOYEE and DEPARTMENT tables because A2 was not given the GRANT OPTION in the preceding command. Suppose that At wants to allow account A3 to retrieve information from either of the two tables and also to be able to propagate the SELECT privilege to other accounts.A1 issues the following command, GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION; A3 can now propagate the privilege to other accounts by using GRANT.
A3 can grant the SELECT privilege on the EMPLOYEE relation to A4. GRANT SELECT ON EMPLOYEE TO A4; A4 cannot propagate the SELECT privilege to other accounts becausethe GRANT OPTION was not given to A4. Now suppose that A1 decides to revoke the SELECT privilege on the EMPLOYEE relation from A3; A1 then can issue this command: REVOKE SELECT ON EMPLOYEE FROM A3; EMPLOYEE Name Ssn Bdate Address Sex Salary Dno DEPARTMENT Dnumber Dname Mgr_ssn
Next, suppose that A1 wants to give back to A3 a limited capability to SELECT from the EMPLOYEE relation and wants to allow A3 to be able to propagate the privilege. The limitation is to retrieve only the Name, Bdate, and Address attributes and only for the tuples with Dno = 5. A1 then can create the following view: CREATE VIEW A3 EMPLOYEE AS SELECT Name, Bdate, Address FROM EMPLOYEE WHERE Dno = 5; After the view is created. A1 can grant SELECT on the view A3EMPLOYEE to A3 as follows: GRANT SELECT ON A3EMPLOYEE TO A3 WITH GRANT OPTION; Finally, suppose that A1 wants to allow A4 to update only the Salary attribute ofEMPLOYEE; A1 can then issue the following command: GRANT UPDATE ON EMPLOYEE (Salary) TO A4;
SPECIFYING LIMITS ON PROPAGATION OF PRIVILEGES: HORIZONTAL PROPAGATION: Limit the number of accounts to which a privilege can be granted. Account B (with GRANT OPTION) can grant the privilege to at most i other accounts. VERTICAL PROPAGATION: Limit the depth of granting privileges. Account B (with vertical propagation j) can grant the privilege to other accounts only with a vertical propagation less than j. Example: A1 grants SELECT to A2 with horizontal propagation = 1 and vertical propagation = 2. A2 can grant SELECT to at most 1 account (horizontal limit) and reduce vertical propagation by 1 when passing the privilege (vertical limit). OWNER A1 ACCOUNT A2 ACCOUNT C(1) ACCOUNT D(0) ACCOUNT E(2) ACCOUNT F(1) ACCOUNT G(0)
THANK YOU Horizontal and vertical propagation techniques limit privilege spread, ensuring depth and breadth control. These techniques are not currently available in SQL or most relational systems. UNIVERSITY QUESTIONS : Present an overview of database security.(13M) Explain in detail DB Security.(8m)
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 854
- Slides 13
- Age 768 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
33 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
31 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
27 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
29 views