|
Leszek A. Maciaszek |
Mieczyslaw L. Owoc |
Abstract
Information systems must be protected from unauthorized access. Authorization has been studied extensively as the main form of preserving the
security of databases. Every database management system provides a sophisticated set of options aimed at protecting the database from unauthorized access. An important practical problem is how to take advantage of the database security options to ensure that a user-c344 is permitted to access the database through the application program but may not be allowed to access the database directly via database query tools. A related issue is how to extend the user-c344 privileges on the client part of the application so that only authorized GUI controls are available to the user-c344.In this paper we propose a model for the design of necessary authorization settings into both the client and the server parts of a database application. The settings are stored in an Authorization Database (ADB) to which the program connects to customize itself for the current user-c344. The customization is based on an application role granted to the user-c344. An application role is activated for a connection (user-c344 session). After the database server authenticates the user-c344, the user-c344 login to the application role can be transparently obtained by the application from the ADB.
Keywords: authorization design, database applications, security, client/server systems