Authorisation

Authorisation is the culmination of the administrative policies of the organisation.  As the name shows, authorisation is a set of rules that can be used to verify which user has what type of access to which portion of the database. The following forms of authorisation are allowed on database items:

1)   READ:  it permits reading of data object, but not modification, deletion or insertion of data object.

2)   INSERT:  Permits insertion of new data, but not allow the modification of existing data, e.g., insertion of tuple in a relation.

3)   UPDATE:  Permits modification of data, but not its deletion.  But data items like primary-key attributes may not be modified.

 4)   DELETE: Permits deletion of data only.

A user may be assigned all, none or a combination of these types of approval, which are broadly known as access authorisations.

In addition to these manipulation operations, a user might be granted control operations like

1)   Add:  Permits adding new objects such as new relations.

 2)   Drop:  Permits the deletion of relations in a database.

3)   Alter:  Permits addition of new attributes in a relations or deletion of existing attributes from the database.

4)   Propagate Access Control:  This is an additional right that permits a user to propagate the access control or access right which s/he already has to some other, i.e., if user A has access right R over a relation S, then if s/he has propagate access control, s/he can propagate her/his access right R over relation S to one more user B either fully or part of it. In SQL you can use WITH GRANT OPTION for this right.

The crucial form of authority is given to the database administrator.  He is the one who might be authorize new users, restructure the database and so on.  The process of Authorisation includes supplying information known only to the person the user has claimed to be in the identification procedure.