1 :Info: mrds.security.gi: mrds.security: 1981-08-06 mrds.security
2
3 Introduction: This is a brief description of the procedures needed to
4 make use of either relation or attribute level security within MRDS.
5
6
7 List of definitions:
8 database administrator DBA
9 a user holding sma access on the database directory.
10 secure submodel
11 a version 5 submodel residing in the secure.submodels directory
12 under the database.
13 secured database
14 a database modified by the secure_mrds_db command. It remains
15 secured until the secure_mrds_db -reset option is used.
16
17
18 Relation level security:
19 Control of access to the database data on a relation level is done
20 via Multics access control lists ACLs.
21
22
23 To set access for a user to relation personnel under database
24 employee.db the following access must be set:
25
26 employees.db>db_model needs r User_id
27
28 employees.db>db.control needs rw User_id
29
30 employees.db>personnel.m needs r User_id
31
32 employees.db>personnel needs X User_id
33 where X is the desired relation data access of n r or rw
34
35 User_id in the above commands gives the person.project to whom access
36 is being granted.
37
38
39 Attribute level security:
40 Control of access to the database data at attribute level requires
41 the use of a secure submodel on a secured database for non-DBA's.
42 The Multics ACLs must be set up as for relation access control.
43 However the secure submodel must have access control statements that
44 specify the additional attribute access, so MRDS may manage the
45 additional access restrictions above those applied by the Multics
46 ACLs.
47
48
49 For example, if the salary attribute in the above personnel relation
50 is to be given null access for the Benefits project, the following
51 could be done:
52
53 Create the submodel source:
54 relation: personnellast_name first_name address salary ;
55 attribute access: salary in personnel null ;
56
57 Use the command create_mrds_dsm -install on this submodel source.
58
59 Then give the Benefits project read access on the resulting submodel,
60 and only that submodel.
61
62 Then when a user in Benefits accesses the employee database, he will
63 not be able to read salary.
64
65
66 :hcom:
67 /****^ HISTORY COMMENTS:
68 1) change2020-12-15GDixon, approve2021-02-22MCR10088,
69 audit2021-05-27Swenson, install2021-05-27MR12.6g-0056:
70 A) Fix errors reported by the new verify_info command.
71 END HISTORY COMMENTS */