E. Bertino et al., AN EXTENDED AUTHORIZATION MODEL FOR RELATIONAL DATABASES, IEEE transactions on knowledge and data engineering, 9(1), 1997, pp. 85-101
Citations number: 25
Subject Categories
Information Science & Library Science; Computer Sciences, Special Topics; Engineering, Electrical & Electronic; Computer Science Artificial Intelligence; Computer Science Information Systems
We propose two extensions to the authorization model for relational databases defined originally by Griffiths and Wade. The first extension concerns a new type of revoke operation, called noncascading revoke operation. The original model contains a single, cascading revoke operation, meaning that when a privilege is revoked from a user, a recursive revocation takes place that deletes all authorizations granted by this user that do not have other supporting authorizations. The new type of revocation avoids the recursive revocation of authorizations. The second extension concerns negative authorization which permits specification of explicit denial for a user to access an object under a particular mode. We also address the management of views and groups with respect to the proposed extensions.