Database Security and Authorization: Granting of Privileges

A user can grant his access rights (authorizations) to any other user only when the DBA has given that user the right to grant them.

A user has an authorization if there exists a path from the root (DBA) to the node that represents the user.

— Consider an example of delete authorization.

User 5 has two paths by which he can get delete authorization:

1. DBA → User 2 → User 4 → User 5
2. DBA → User 1 → User 5.

If, after some time, the DBA revokes that authority from user 1, user 5 can still use the 1st path.

Advantage

(i) Helps in maintaining a large database.

Disadvantage

(i) Users can attempt to defeat authorization revocation.

Ex. Consider the authorizations as given in Figure 9.4.

Here the DBA gives authority to user 1, user 2 and user 3. User 2 grants authority to user 1 and vice versa. If at any time the DBA revokes authority from user 2, user 2 still has the authority through user 1.

So, the DBA must be careful while granting privileges.
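The path rule and both revocation cases above can be checked mechanically. The following Python sketch is an added example, not code from the book: the edge sets are constructed from the two examples in the text, and the function names (`authorized`, `revoke`, `dangling_grants`) are hypothetical. It goes one step beyond the text by also revoking the DBA's grant to user 1, which leaves users 1 and 2 granting each other with no path from the root.

```python
from collections import deque

ROOT = "DBA"

# Constructed grant edges (grantor, grantee) for the delete-authorization example.
DELETE_GRANTS = frozenset({
    ("DBA", "User 1"), ("DBA", "User 2"),
    ("User 2", "User 4"), ("User 4", "User 5"), ("User 1", "User 5"),
})
# Constructed edges for the mutual-grant example (users 1 and 2 grant each other).
MUTUAL_GRANTS = frozenset({
    ("DBA", "User 1"), ("DBA", "User 2"), ("DBA", "User 3"),
    ("User 1", "User 2"), ("User 2", "User 1"),
})

def authorized(grants, root=ROOT):
    """Map each user reachable from the root to one path that authorizes them."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        grantor = queue.popleft()
        for src, grantee in sorted(grants):
            if src == grantor and grantee not in paths:
                paths[grantee] = paths[grantor] + [grantee]
                queue.append(grantee)
    return paths

def revoke(grants, grantor, grantee):
    """Return the grant set with one edge removed."""
    return grants - {(grantor, grantee)}

def dangling_grants(grants, root=ROOT):
    """Edges whose grantor has no path from the root; they confer nothing."""
    live = authorized(grants, root)
    return {edge for edge in grants if edge[0] not in live}

if __name__ == "__main__":
    after = revoke(DELETE_GRANTS, "DBA", "User 1")
    print("User 5 after revoking User 1:", " -> ".join(authorized(after)["User 5"]))
    step1 = revoke(MUTUAL_GRANTS, "DBA", "User 2")
    print("User 2 still authorized via:", " -> ".join(authorized(step1)["User 2"]))
    step2 = revoke(step1, "DBA", "User 1")
    print("Authorized after both revocations:", sorted(authorized(step2)))
    print("Grants to clean up:", sorted(dangling_grants(step2)))
```

Running the reachability check after every revocation shows which users still hold the privilege and through whom, and the dangling edges are the grants that should be removed so that a later re-grant does not silently restore them.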

Source: Gupta Satinder Bal, Mittal Aditya (2017), Introduction to Basic Database Management System, 2nd Edition-University Science Press (2017)
