DATABASE AUTHORIZATION

I.

Introduction

Database security has become an essential issue in assuring the integrity, protection, and reliability of the data stored in a database management system (DBMS). A multiuser database system must selectively permit users to share data, while retaining the ability to restrict data access. There must be a mechanism to provide protection and security, permitting information to be accessed only by properly authorized users. Further, when tables or restricted views of tables are created and destroyed dynamically, the granting, authentication, and revocation of authorization to use them must also be dynamic. In current database management systems the ability to grant authorization to perform actions on objects resides with a central database administrator or with the creator of the object. Many of the systems rely on password schemes, which are vulnerable to guessing.

The granting of rights or privileges that enable users to have legitimate access to a system or a systems objects is called authorization. Authorization ensures that only the authorized users are accessing the data. An authorization control must have the ability to identify authorized users and thereby to restrict unauthorized accessing of data. Authorization control was being provided by operating systems for a long time, and recently by distributed operating systems as a service of the file system. Generally, a centralized approach is used for authorization control. In this approach, the centralized control creates database objects and provides permission to other users to access these objects. Database objects are identified by their external names. Another aspect of authorization is that different users can have different privileges on the same database objects in a database environment.

The authorization mechanism is the component of the database security system which has the primary responsibility of safeguarding the previously defined data and access rules needed for database access control. The data and rules for authorization control assist in the enforcement of access controls regarding the list of authorized users, the data objects which the authorized users are allowed to manipulate, and the operations that these users can perform on these objects. As part of its tasks the authorization mechanism can grant or deny access to any user or group of users as appropriate. Authorization and data protection are two very important aspects of database security, and they are closely related to each other. Protection is required to prevent unauthorized disclosure, alteration or destruction of data. Data protection is generally provided by file systems in both centralized and distributed operating systems.