Re: relative complement?

From: Erwin <e.smout_at_myonline.be>
Date: Mon, 4 Apr 2011 05:37:35 -0700 (PDT)
Message-ID: <55cdb3ff-5bd3-4844-b30a-2ad60f418ff8_at_j13g2000yqj.googlegroups.com>

On 4 apr, 10:54, David BL <davi..._at_iinet.net.au> wrote:
> On Mar 19, 7:47 am, paul c <anonym..._at_not-for-mail.invalid> wrote:
>
> > Given that preference, I think join deletes and union inserts become
> > mechanical problems. �For me, in the end it amounts simply to a user
> > stating that the tuples of the literal B relation are (all) true and
> > that B's predicate is immaterial. �With those two assertions, the
> > A-algebra is sufficient to describe what results a language should
> > produce without ambiguity.
>
> I accept the idea that update operators on views can be defined to be
> unambiguous, dispelling a common argument against view updates such as
> join deletes and union inserts.
>
> However, I'm very suspicious of an application allowing users to
> update a non-injective view of the data.

Hmmmmmmmm. Are you saying here that it's OK to _define_ join delete and union insert in some certain way that "makes it unambiguous", but that the applications that _use_ such an update are then suspect ?

> More specifically if users
> of an application cannot in general distinguish distinct values of
> some base relvar how can they reasonably be expected to have
> permission to update that relvar?

(1) If views are used as a means for achieving logical data independence, then this is a non-argument, because users will then not be aware of any base relvars, by definition of what logical data independence means, and it then follows necessarily that any consideration as to whether or not they "should have update authority on the base relvars", is itself merely a function on whether they do have update authority on the virtual relvars referring to such base relvars !

(2) But views are also often proposed as a means for achieving data security, which is a quite different goal than the goal of logical data independence. E.g. it is often suggested that a security rule such as "users such-and-so can query an employee's name, but not his salary", can be addressed by defining the proper view (projecting away the salary attribute), and giving the user read authority on that view, but not on the underlying base relvar. Thus generating an actual contradiction/conflict, because an authority to read a view, inherently involves/requires authority to read the underlying base relvars.

And that issue of whether and how the definition of security rules defined in terms of virtual relvars should "match" with the same set of security rules defined in terms of the corresponding base relvars, is, to my knowledge, a largely unexplored one. I have the impression that people discussing virtual relvars often "hop over" from (1) to (2) and vice-versa, depending on whether 'security' is part of the discussion or not. Not realising that it might be the case that (1) and (2) are, in a sense, a mutually exclusive choice. Received on Mon Apr 04 2011 - 14:37:35 CEST

This message: [ Message body ]
Next message: David BL: "Re: SQL deferred constraints (a bit O/T, I know)"
Previous message: Erwin: "Re: SQL deferred constraints (a bit O/T, I know)"
Maybe in reply to: Erwin: "Re: relative complement?"
In reply to David BL: "Re: relative complement?"
Next in thread: paul c: "Re: relative complement?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message