An Enhanced Authorization Mechanism Based On DM Database

With the rapid development of the social informationization construction, the enterprises and government departments carry mass data to the database system, database security becomes the matter of people universally concern. Authorization is the foundtion of database security,we can not guarantee the safe of the database system until we carry out the reasonable authorization mechanism.The enhanced authorization mechanism based on DM database, redefines the authorization, expands the types of authorization in the system, simultaneously on the foundation of the new set of authorization and"separation of powers", has carried on a more careful division to the authorization to assure the management of authorization varies according to the different application scene. Through the management of table attributes, may carry on the control of access to the table in the root, to manage the table with the discretionary access control together.The subsystem of enhanced authorization mechanism based on the foundation of original system, carried on a more reasonable division and divided into five main modules: authorization data dictionary, grant and revoke, table attribute management, authorization collection and access check. The data dictionary module mainly aims at design the dictionaries of authorization and table attribute according to the strategy of the definition of authorization. The grant and revoke module mainly aims at describe the strategy. The management of table attributes module is to set the attribute of tables according to the data dictionary by expanding the SQL language. The authorization collection module collects the anthorization of user need to execute the SQL in the phase of parsing SQL, and then transmits to the access check module. The access check module check user's access of DAC and table attribute, according to the list of authorization collected by authorization collection module.Through the designed experiment, we carry out function and performance tests on the enhanced authorization system. In the aspect of function, the enhanced authorization system has achieved all function which has designed, in the aspect of performance, the influence to whole SQL sentence execution is in user acceptable scope.