论文信息 - View security as the basis for data warehouse security

View security as the basis for data warehouse security

Access . permissions in a data warehouse are currently managed in a separate world from the sources’ policies. The consequences are inconsistencies, slow response to change, and wasted administrative work. We present a different approach, which treats the sources’ exported tables and the warehouse as part of the same distributed database. Our main result is a way to control derived products by extending SQL grants rather than creating entirely new mechanisms. We provide a powerful, sound inference theory that derives permissions on warehouse tables (both materialized and virtual), making the system easier to administer and its applications more robust. We also propose a new permission construct suitable for views that filter data from mutually-suspicious parties.

Arnon Rosenthal | Edward Sciore | A. Rosenthal | E. Sciore

[1] Philip A. Bernstein,et al. Microsoft Repository Version 2 and the Open Information Model , 1999, Inf. Syst..

[2] Arnon Rosenthal,et al. Extending SQL's Grant and Revoke Operations, to Limit and Reactivate Privileges , 2000, DBSec.

[3] Silvana Castano,et al. Automated Derivation of Global Authorizations for Database Federations , 1997, J. Comput. Secur..

[4] Klaus R. Dittrich,et al. An Approach for Building Secure Database Federations , 1994, VLDB.

[5] Jeffrey D. Uuman. Principles of database and knowledge- base systems , 1989 .

[6] Arnon Rosenthal,et al. Security Administration for Federations, Warehouses, and other Derived Data , 1999, DBSec.

[7] Sabrina De Capitani di Vimercati,et al. Authorization Specification and Enforcement in Federated Database Systems , 1997, Journal of computing and security.