On Sun, 2003-01-26 at 03:37, Cecil O. Lynch, MD wrote:
> No, I am not saying that MSSQL Server provides row level security. I am
> saying that ANSI SQL allows one to write the scripts to enforce row
> level security.
> 
> Take a look at
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/modcore/html/deconrowlevelsecuritysupportinissuetrackingsolution.asp

OK, thanks. This is implemented at the application level, or at least at
a level above the base DBMS storage - in other words, it is a
discretionary access control method - meaning it can be turned off or
bypassed by the sysadmin or someone pretending to be the sysadmin.

What I had in mind was mandatory access control, and I think Oracle is
the only mainstream vendor which provides this, sort of, with a very
expensive add-on (more expensive than base Oracle - so that's
expensive). Mandatory access control means that it can't be bypassed,
even by the system administrator. This is a strange concept to many
people, but it is highly desirable for protecting very large
aggregations of identified personal health information, as might be
amassed in a community-wide EHR. There are alternatives, such as
dual-control of (database or operating system) accounts which have
superuser privileges: two people are required to supply two separate
passwords (and/or authentication tokens) before the superuser can log on
to the system - similar to the Hollywood idea of nuclear missile control
systems in which two people, one of whom is Gene Hackman, have to turn
the keys simultaneously on control panels a few meters apart (too far
for one person to reach). Again, there is a real opportunity here for
open source systems to steal a march on commercial systems.

> As far as "sponsored" comp scientists to roll out a Postgres version,
> sounds like a project for faculty and students "sponsored" by the
> University.

These days, I thought that Universities needed to be sponsored to
look into anything (including their own navels) - intellectual curiosity
or advancement of knowledge aren't enough any more.

Tim C
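
The dual-control login described in the message above, as an added sketch that is not part of the original post: the superuser secret is derived from both custodians' passwords, so neither person can unlock the account alone. The function names, record layout and PBKDF2 work factor are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _stretch(password: str, salt: bytes) -> bytes:
    """Stretch one custodian's password into a 32-byte share."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _master(record_salts, password_a: str, password_b: str) -> bytes:
    """XOR both shares; one share alone does not yield the master value."""
    share_a = _stretch(password_a, record_salts[0])
    share_b = _stretch(password_b, record_salts[1])
    return bytes(x ^ y for x, y in zip(share_a, share_b))


def _tag(master: bytes, label: bytes) -> bytes:
    """Derive independent values (verifier, login key) from the master."""
    return hmac.new(master, label, hashlib.sha256).digest()


def enroll(password_a: str, password_b: str) -> dict:
    """Create the stored record for a dual-control superuser account."""
    salts = (secrets.token_bytes(16), secrets.token_bytes(16))
    master = _master(salts, password_a, password_b)
    # Only the salts and a verifier are stored, never the master or login key.
    return {"salts": salts, "verifier": _tag(master, b"verify")}


def unlock(record: dict, password_a: str, password_b: str):
    """Return the 32-byte superuser key if both passwords match, else None."""
    master = _master(record["salts"], password_a, password_b)
    if hmac.compare_digest(_tag(master, b"verify"), record["verifier"]):
        return _tag(master, b"login")
    return None


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    rec = enroll("custodian-one-pass", "custodian-two-pass")
    print("both present:", unlock(rec, "custodian-one-pass", "custodian-two-pass") is not None)
    print("one missing: ", unlock(rec, "custodian-one-pass", "") is not None)
```

A custodian who can read the stored record can still guess the other person's password offline against the verifier, so both passwords need to be strong and the record itself access-controlled.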


