JPH11306192A - Data base management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a database management system capable of ensuring operation processing of high reliability and high in security by comparing the user threshold which is read out of a 1st storage means with the data threshold which is read out of a 2nd storage means and permitting the use of a data base only when the user threshold is equal to or large than the data threshold. SOLUTION: The user threshold is given to a user who uses a data base and consists of the data operation threshold and the data threshold in regard to the data unit. The data operation threshold show the level of authority for the change of the operating purpose data of the user, and higher this threshold the higher the aptitude in regard to the change of data. The data fixed value shows the designation that is given to the data from the user for inhibition of the data change and also shows the level of authority that inhibits the wrongdoing when the data are changed by another user. These thresholds are fixed since they are decided when a data storing area is formed, and these fixed value are decided by a data base producer according to the importance of data.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for restricting the use authority for each user when using a database, and more particularly to a database management system in which the authority is automatically assigned and the security of the database is improved. .

[0002]

2. Description of the Related Art In a conventional system for managing a database, new registration of data, reading of recorded data, and updating of recorded data are performed for each user with respect to data recorded in a recording device of the database. Authorization is given to operations such as deletion of recorded data, and by restricting the use of the database for each user, security is improved, and the reliability of the data making up the database is improved. ing.

[0003]

However, since the operation of the database is restricted based on the operation authority given to the user, even if the user operates the database by mistake, the operation itself is not correct. It is determined that the operation is a certain operation, and the data processed by the operation that apologized is recognized as valid data in the database and input,
Processing such as updating, deletion, and recording is performed, so that the reliability of data constituting the database is reduced.

The present invention provides a highly reliable operation processing and a highly secure database management system.

[0005]

SUMMARY OF THE INVENTION The present invention has been made to achieve the above object, and the invention described in claim 1 is to register, read, and update data in an internal storage device and an external storage device. Threshold creation means for creating a user threshold for each user for operating authority of the database, a first storage means for storing the user threshold, and past user usage status of the database in the database management system having an operation function such as deletion, Data threshold value creating means for creating a data threshold value derived from the data fixing authority consisting of the data threshold and use time, a second recording means for recording the data threshold value creating means, a user threshold value read from the first recording means, (2) Compare the data threshold value read from the storage means, and if the user threshold value is equal to the data threshold value or , And database usage permission means for permitting the use of the database only if large is a database management system, characterized in that it comprises a.

Hereinafter, the threshold value used in the present invention will be described. First, the user threshold is given to a user who uses the database, and the data operation threshold (fixed value of 0 to 1) and the data threshold (0 to
(Fixed value of 1). What is the data manipulation threshold?
This is the magnitude of the authority of the user to change the operation purpose data, and the larger this value is, the higher the suitability for changing the data is. The data fixed value is a designation of data change prohibition given to the user by the user, and when an attempt is made to change the data by another user, the improper activity is prohibited with any authority. It represents what. These thresholds are fixed values to be determined when the data storage area is created, and the values are determined by the database creator based on the importance of the data. These thresholds may be changed in accordance with a change in the attribute of the data storage area. Further, the data operation threshold value and the data fixed threshold value of the user are also values related to the attribute of the data storage area. The data fixed threshold is given for each data unit of the database, and includes a new registration threshold (fixed value of 0 to 1), a read threshold (fixed value of 0 to 1), and an update threshold (0 to 1). , A deletion threshold (fixed value of 0 to 1), a last update time, and a data fixed threshold (fixed value of 0 to 1) of the last updater for the data. The new registration threshold is a value that sets the strength of authority for permitting the registration operation when newly registering data in the data storage area. The read threshold is a value that sets the level of authority for permitting a read operation when reading data from the data storage area. The update threshold value is a value that sets the strength of authority for allowing an update operation when updating data in the data storage area. The deletion threshold is a value for setting the level of authority for permitting the deletion operation when deleting data from the data storage area. The last update time is the last time when operations such as addition, readout, update, and deletion are performed on the data storage area. The data fixed threshold value of the last updater for the data is a value indicating the change prohibition strength of the data of the user who finally performed the operation on the operation target data stored in the data storage area.

[0007] When a user requests registration, readout, update, or deletion of registered data stored in a database, a data operation threshold value and a data fixed threshold value added to the user are retained. The data operation authority is compared with the new registration threshold, the read threshold, the update threshold, the deletion threshold, and the data fixed threshold of the data using Expression 1.

[0008]

[Formula 1] Data fixed threshold value of the previous operator for the data × ((last update time−reference time) ÷ (current time−reference time)) ≦ operation threshold value of the current operator for the data ×
((Current time-reference time) / (current time-reference time))

[0009] The reference time is a starting point of a conventional time in a computer, and is a value determined by a computer used. Then, (last update time−reference time) or (current time−reference time) means that the elapsed time from the start point is calculated. Then, the data operation processing for the data can be permitted only when the new registration, readout, update, and deletion of data is the site of operation of the current operator.

[0010]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention will be specifically described below with reference to the drawings. FIG. 1 is a flowchart showing a data flow according to an example of the present invention. There is a table in the database that holds integer values, and its definition is SQL2 create
e table table1 (param1int)
And SQL2 is a computer language used to issue commands to an RDBMS server. This language is the standard language used in all major relational databases and is used at the entry level in accordance with the ISO standard SQL92. Also, create table table1
(Param1int) means that an information holding area called table1 is secured, and table1 means that information of a 4-byte integer called param1 is held.

Here, a threshold value for the data is set as an extended attribute. This extended attribute can be obtained from the following expression. Specifically, create table <table name>(｛<columnname><datadomain><add / read / update / delete right threshold declaration><add・ Read / update / delete right threshold>｝ [, ｛<column name><datadomain><add / read / update / delete right threshold declaration><add / read / update / delete right threshold>｝] ……> There is a clear
te table <table name> secures an information holding area <table name>, <table name> holds information identified by <column name>, and the type of the information is <data domain>. , <Data domain> consist of integers, characters, and real numbers. The <addition / read / update / delete right threshold declaration> indicates a type of right to be applied to <column name> and sets a value of the right. For example,
It consists of addition, reading, updating, deleting, etc., and is a real value of 0 to 1.

More specifically, a right threshold declaration keyword “border” is input to SQL2, and an additional threshold =
By inputting 0.3, read threshold = 0.4, update threshold = 0.5, and deleted site = 0.6, the following settings can be made, and create table table1
(Param1 int blocker inserter
t0.3 broader select0.4 bor
der updata0.5 broker dele
te0.6).

On the other hand, the definition for granting the authority to the user can be defined as: grant <operation / fixed right threshold declaration><operation / fixed threshold> on <object name> to <authority recipient>. The grant is a keyword for giving a term in the above SQL. <Operation / Fixed Right Threshold Declaration> is a keyword temporarily introduced here, and specifically, border operation (declaration of setting a data operation threshold) or border fix
(Declaration of setting a fixed data value).
The <operation / fixed value> is a table or a column for setting authority, and the <authorized person> is a user who works on data. More specifically, an operation threshold declaration keyword “operate” and a fixed threshold declaration keyword “fix” are introduced, and a “user”
When the user 1 inputs this value as the operation threshold value 0.5 and the fixed threshold value 0.7, the values can be set as follows. grant border operate
0.5on table tousr1 grant
border fix0.5on table to
usr1.

1. In the case of a single user (1) Addition of data (step 2) When usr1 performs an operation of adding data to table1, from the above equation, the operation authority of usr1 for table1 is 0.5, and the additional threshold (insert) Since it is larger than a certain 0.3, the additional work is completed normally, and a fixed threshold value 0.7 is internally assigned to the data. (2) Data Read (Step 3) When the user usr1 performs a data read operation, the operation authority of the user1 for the table1 is 0.5, which is larger than the read threshold value (select) of 0.4.
The operation of reading data of usr1 from table1 ends normally. (3) Data Update (Step 4) When usr1 performs a data update operation, t1 of usr1
The operation authority for table1 is 0.5, and tabl
Although it is equal to 0.5, which is the update threshold value (update) of e1, but is smaller than the fixed threshold value 0.7 set for the data, the data update of usr1 for table1 is 0.7 × It succeeds only when (last update time−reference time) ÷ (current time−reference time) ≦ 0.5. At this time, a fixed threshold value 0.7 is newly assigned to the data. (4) Data deletion When usr1 performs an operation of deleting data of table1,
The operation authority for table1 of usr1 is 0.5, which is smaller than 0.6 which is a deletion threshold (select), and which is 0.7 which is a fixed threshold set for the data.
Therefore, the data deletion operation of usr1 for table1 fails. 2. In the case of multiple users, the operation threshold of usr1 is 0.5, the fixed threshold is 0.7,
The operation threshold of usr2 is set to 0.5, and the fixed threshold is set to 0.6. (1) Data Registration When usr2 performs an operation of adding data to table1, the operation authority of usr2 for table1 is 0.6, the operation of adding data of usr2 to table1 ends normally, and furthermore, Is assigned a fixed threshold value of 0.5. (2) Reading of Registered Data (Self Data) When the user usr2 performs a read operation of data registered from the table1, the operation restriction on the table1 of the user2 is 0.6, and the registration threshold value of the table1 of 0.
Since it is larger than 4, the operation of reading data of usr2 for table1 is performed normally. (3) Reading of Registered Data (Other Data) When usr2 performs an operation of reading data registered by usr1 from table1, the operation restriction on table1 of usr2 is 0.6, and the threshold of table1 is 0.4, which is the threshold of 0.4. Is large, so us for table1
The operation of reading the data of r2 is performed normally. (4) Data Update (Self Data) When the user usr2 performs an update operation of the data registered by the user1 from the table1, the operation restriction on the table1 of the user2 is 0.6, which is larger than the threshold value 0.5 of the table1. In addition, since the value is larger than the fixed threshold value 0.5 set in the data, u
The operation of updating the data of sr2 is performed normally. (5) Data Update (Other Data) When the user usr2 performs an operation of updating the data registered by the user1 from the table1, the operation restriction on the table1 of the user2 is 0.6, and the threshold value of the table1 is 0.5. However, since it is smaller than the fixed authority 0.7 for the data on table1 of usr1, t
The task of updating data of usr2 with respect to able1 is 0.
The update work is performed normally when 7 × (last change time of inspection-reference time) ÷ (current time−reference time) ≦ 0.6. At this time, a fixed threshold value 0.5 is newly assigned to the data. (6) Deletion of Data (Self Data) When the user 2 performs an operation of deleting the data registered by himself on the table1, the operation authority of the user2 on the table1 is 0.6, and the deletion threshold of the table1 is 0.6. And is larger than the fixed threshold value 0.5 set for the data, the operation of deleting the data is performed normally. (7) Deletion of data (other data) When usr2 performs an operation of updating data registered by usr1 from table1, the operation restriction on table1 of usr2 is 0.6, and the threshold of table1 is 0.6, which is the threshold value of table1. equal. However, since the fixed authority for the data on table1 of usr1 is smaller than 0.7,
The data deletion operation of usr2 for table1 is performed normally when 0.7 × (verification last change time−reference time) ÷ (current time−reference time) ≦ 0.6.

[0015]

As described above, when the database management system of the present invention operates on data stored in a database, only the data having the highest operation authority for data, that is, data having high reliability, is used. Since the operation is performed, the reliability of the data stored in the database and the reliability of the database itself can be improved.

[Brief description of the drawings]

FIG. 1 is a flowchart showing a data flow of the present invention.

Claims (1)

[Claims] 1. A database management system having an operation function of registering, reading, updating, and deleting data in and from an internal storage device and an external storage device. A first storage unit for storing the user threshold, a data threshold creation unit for creating a data threshold derived from a data fixing authority including a past user usage status and a usage time of the database, and a second storage unit for storing the data threshold. (2) using a database which compares a user threshold read from the first storage with a data threshold read from the second storage, and permits use of the database only when the user threshold is equal to or larger than the data threshold. Permission means. Base management systems.