Authorisation
Steve Fisher / RAL 2/4/2003 <s.m.fisher@rl.ac.uk>

I don’t think I disagree (much) with Linda
• Control must be at the level of views on the database
• Very compact
• Very powerful

Example - people
• Doctor: Select sanity for his patients
• Anybody: select average salary for people in GB
• Friend: phone number

Example - doctor
Doctor: Select sanity for his patients
• View
  • Name, Address, Phone, Sanity from People where Doctor = “Spock”
  • Name, Address, Phone, Sanity from People where Doctor = “{DN}”
• Good Query
  • Select Name, Sanity from People where Doctor = “Spock”
• Bad Query
  • Select Name, Salary from People where Doctor = “Spock”
• What about
  • Select Name, Sanity from People where Name = “Bill”

Example - doctor
Anybody: select average salary for people in GB
• View
  • Name, {AGGREGATE}(Salary) where Country = “{*}”
• Good Query
  • Select Avg(Salary) from People where Country = “GB”

Example - doctor
Friend: phone number
• View
  • P.Name, P.Phone, P.Address from People P, Friend F where P.Name = F.Name and F.Friend = “{DN}”
• Good Query
  • Select P.Name, P.Phone from People P, Friend F where P.Name = F.Name and F.Friend = “Mary” and P.Name=“Bill”
• Bad Query
  • Select P.Name, P.Phone from People P, Friend F where P.Name = F.Name and F.Friend = “Bill” and P.Name=“Mary”
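
An added example, not from the original slides: one way to enforce the doctor and friend views by checking a query against the view and always applying the view's {DN} predicate. The structured query form, the function names and the sample rows are assumptions; narrowing the "What about" query to the caller's own rows is a design choice of this example, not an answer the slides give.

```python
import sqlite3

# The slides' view templates in structured form (an assumption of this example):
# readable columns, FROM text, fixed join, and the column that must equal {DN}.
VIEWS = {
    "doctor": {"cols": {"Name", "Address", "Phone", "Sanity"},
               "source": "People", "join": None, "dn_col": "Doctor"},
    "friend": {"cols": {"P.Name", "P.Phone", "P.Address"},
               "source": "People P, Friend F", "join": "P.Name = F.Name", "dn_col": "F.Friend"},
}

def authorise(view_name, dn, select, where):
    """Return (sql, params) narrowed to the view, or raise PermissionError."""
    v = VIEWS[view_name]
    if not select or not set(select) <= v["cols"]:
        raise PermissionError("column outside view: %s" % sorted(set(select) - v["cols"]))
    clauses, params = [v["dn_col"] + " = ?"], [dn]  # view predicate is always applied
    if v["join"]:
        clauses.append(v["join"])
    for col, value in where.items():
        if col == v["dn_col"]:
            if value != dn:                 # asking for another identity's rows
                raise PermissionError("%s must equal the caller's DN" % col)
            continue                        # already enforced above
        if col not in v["cols"]:            # filtering on a hidden column leaks its value
            raise PermissionError("filter on column outside view: " + col)
        clauses.append(col + " = ?")        # name is allow-listed, value is bound
        params.append(value)
    sql = "SELECT %s FROM %s WHERE %s" % (", ".join(select), v["source"], " AND ".join(clauses))
    return sql, params

def demo_db():
    """In-memory database with constructed rows; columns follow the slides."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE People (Name, Address, Phone, Sanity, Salary, Country, Doctor)")
    db.execute("CREATE TABLE Friend (Name, Friend)")
    db.executemany("INSERT INTO People VALUES (?,?,?,?,?,?,?)", [
        ("Bill", "1 Elm St", "555-0101", "sane", 30000, "GB", "Spock"),
        ("Mary", "2 Oak St", "555-0102", "sane", 50000, "GB", "McCoy")])
    db.execute("INSERT INTO Friend VALUES ('Bill', 'Mary')")  # Mary is a friend of Bill
    return db

def run(db, view_name, dn, select, where):
    sql, params = authorise(view_name, dn, select, where)
    return db.execute(sql, params).fetchall()

if __name__ == "__main__":
    print(run(demo_db(), "doctor", "Spock", ["Name", "Sanity"], {"Doctor": "Spock"}))
```

Rejecting filters on columns outside the view matters as much as rejecting them in the select list: a `where Salary = ...` filter would reveal salaries through which rows come back.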