• DocumentCode
    1406454
  • Title

    An extended authorization model for relational databases

  • Author

    Bertino, Elisa ; Samarati, Pierangela ; Jajodia, Sushil

  • Author_Institution
    Dipartimento di Sci. dell'Inf., Milan Univ., Italy
  • Volume
    9
  • Issue
    1
  • fYear
    1997
  • Firstpage
    85
  • Lastpage
    101
  • Abstract
    We propose two extensions to the authorization model for relational databases defined originally by P.G. Griffiths and B. Wade (1976). The first extension concerns a new type of revoke operation, called noncascading revoke operation. The original model contains a single, cascading revoke operation, meaning that when a privilege is revoked from a user, a recursive revocation takes place that deletes all authorizations granted by this user that do not have other supporting authorizations. The new type of revocation avoids the recursive revocation of authorizations. The second extension concerns negative authorization, which permits specification of explicit denial for a user to access an object under a particular mode. We also address the management of views and groups with respect to the proposed extensions.
  • Keywords
    authorisation; data privacy; message authentication; relational databases; cascading revoke operation; explicit denial; extended authorization model; negative authorization; noncascading revoke operation; recursive revocation; relational databases; revoke operation; Access control; Authorization; Data models; Data privacy; Data security; Database systems; History; Proposals; Protection; Relational databases;
  • fLanguage
    English
  • Journal_Title
    Knowledge and Data Engineering, IEEE Transactions on
  • Publisher
    IEEE
  • ISSN
    1041-4347
  • Type

    jour

  • DOI
    10.1109/69.567051
  • Filename
    567051