|
View Security as the Basis
for Data Warehouse Security
April 2000
Arnon S. Rosenthal, The MITRE Corporation
Edward Sciore, The MITRE Corporation
ABSTRACT
Access. permissions in a data warehouse are currently managed in a
separate world from the sources' policies. The consequences are
inconsistencies, slow response to change, and wasted administrative
work. We present a different approach, which treats the sources'
exported tables and the warehouse as part of the same distributed database.
Our main result is a way to control derived products by extending SQL
grants rather than creating entirely new mechanisms. We provide a powerful,
sound inference theory that derives permissions on warehouse tables
(both materialized and virtual), making the system easier to administer
and its applications more robust. We also propose a new permission construct
suitable for views that filter data from mutually-suspicious parties.

Additional Search Keywords
N/A
|