08/06/81 mrds.security Introduction: This is a brief description of the procedures needed to make use of either relation or attribute level security within MRDS. Definitions: A database administrator (DBA) is a user holding sma access on the database directory. A secure submodel is a version 5 submodel residing in the secure.submodels directory under the database. A database is secured if the command secure_mrds_db has been run against it, and the -reset option has not been subsequently used. Relation level security: Control of access to the database data on a relation level is done via Multics acl's. To set access for a user to relation personnel under database employee.db the following access must be set: employees.db>db_model needs r acl employees.db>db.control needs rw acl employees.db>personnel.m needs r acl employees.db>personnel needs X acl, where X is the desired relation data access of n, r, or rw All these acls of course being set for the person.project to whom access is being granted. Attribute level security: Control of access to the database data at attribute level requires the use of a secure submodel on a secured database for non-DBA's. The Multics acl's must be set up as for relation access control. However the secure submodel must have access control statements that speicify the additional attribute access, so MRDS may manage the additional access restrictions above those applied by the Multics acl's. For example, if the salary attribute in the above personnel relation is to be given null access for the Benefits project, the following could be done: create the submodel source: relation: personnel(last_name first_name address salary) ; attribute access: salary in personnel (null) ; Use the command create_mrds_dsm -install on this submodel source. Then give the Benefits project read access on the resulting submodel, and only that submodel. Then when a user in Benefits accesses the employee database, he will not be able to read salary. ----------------------------------------------------------- Historical Background This edition of the Multics software materials and documentation is provided and donated to Massachusetts Institute of Technology by Group BULL including BULL HN Information Systems Inc. as a contribution to computer science knowledge. This donation is made also to give evidence of the common contributions of Massachusetts Institute of Technology, Bell Laboratories, General Electric, Honeywell Information Systems Inc., Honeywell BULL Inc., Groupe BULL and BULL HN Information Systems Inc. to the development of this operating system. Multics development was initiated by Massachusetts Institute of Technology Project MAC (1963-1970), renamed the MIT Laboratory for Computer Science and Artificial Intelligence in the mid 1970s, under the leadership of Professor Fernando Jose Corbato. Users consider that Multics provided the best software architecture for managing computer hardware properly and for executing programs. Many subsequent operating systems incorporated Multics principles. Multics was distributed in 1975 to 2000 by Group Bull in Europe , and in the U.S. by Bull HN Information Systems Inc., as successor in interest by change in name only to Honeywell Bull Inc. and Honeywell Information Systems Inc. . ----------------------------------------------------------- Permission to use, copy, modify, and distribute these programs and their documentation for any purpose and without fee is hereby granted,provided that the below copyright notice and historical background appear in all copies and that both the copyright notice and historical background and this permission notice appear in supporting documentation, and that the names of MIT, HIS, BULL or BULL HN not be used in advertising or publicity pertaining to distribution of the programs without specific prior written permission. Copyright 1972 by Massachusetts Institute of Technology and Honeywell Information Systems Inc. Copyright 2006 by BULL HN Information Systems Inc. Copyright 2006 by Bull SAS All Rights Reserved