Title :
A symmetrical approach to granting and revoking access rights in database management systems
Author :
Goldberg, David A. ; Orooji, Ali
Author_Institution :
Palindrome Corp., Naperville, IL, USA
Date :
31 Oct-2 Nov 1990
Abstract :
The concept of independent revocation is described, where an authorizer specifies revocation independently of the current status of authorization. Some of the aspects relating to the implementation of a system providing independent revocation are discussed. Revocation is first discussed in terms of formal models of authorization. The concept of an access matrix is introduced, and extended to allow for the specification of a condition for database systems. Then the general idea of independent revocation is considered in terms of this extended access matrix. Second, an actual implementation of a system which provides independent revocation is presented. The system, RRDS (Relational Replicated Database System), provides a DISALLOW command which gives the authorizer the capability to specify the data that a user should not be allowed to access. Finally, the applicability of independent revocation to database systems in general is explored. It is concluded that independent revocation is applicable to a variety of systems, including some major systems currently in existence.
Keywords :
distributed databases; relational databases; security of data; DISALLOW command; RRDS; access matrix; access rights; authorization; database management systems; independent revocation; Authorization; Computer science; Data security; Database systems; Permission
Conference_Title :
Computer Software and Applications Conference, 1990. COMPSAC 90. Proceedings., Fourteenth Annual International
Conference_Location :
Chicago, IL
Print_ISBN :
0-8186-2054-4
DOI :
10.1109/CMPSAC.1990.139339