This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: . . Winter 2008 CPE/CSC 366: Database Modeling, Design and Implementation Alexander Dekhtyar . . Database Security: Data Access Control Overview Q: Who is responsible for security of database applications? Variant 1: Database software developers, in software layer. Variant 2: Variant 1 is not always feasible. In such cases, access control is facilitated inside the DBMS. Security in Databases Secrecy: information should not be disclosed to unauthorized users. Integrity: only authorized users should be allowed to modify data. Availability: authorized users should not be denied services. Access Control in Databases Discretionary Access Control : a system of data access permissions initiated and controlled by DBMS users. Mandatory Access Control : a system of universal data access rules obeyed by DBMS. Discretionary Access Control Privileges: data access rights possessed by DBMS users. Types of privileges : SELECT : the right to view stored data. INSERT : the right to insert data. DELETE : the right to delete data. UPDATE : the right to modify existing data. 1 REFERENCES : the right to create tables with foreign keys to the data....
View Full Document
This note was uploaded on 05/19/2008 for the course CSC 365 taught by Professor Dekhtyar during the Spring '08 term at Cal Poly.
- Spring '08