Analysis of a Mandatory Access Restriction System for Oracle DBMS
"An Analysis of a Mandatory Access Restriction System for Oracle DBMS"
A discussion of the various merits and drawbacks of a Mandatory Access Restriction system for Oracle DBMS.
Introduction: In the course of my review, I will be taking an in-depth look at how such a system might work within the Oracle Database Management System. This is not meant to be exhaustive; rather, it is intended to give a general overview. If you're interested in reading more, I pointed out some good resources at the end.
I'm going to start by taking you through what we'll call "controlled objects. All of the following are controlled objects: tables, views, sequences, sequences with constraints, sequences with primary key constraints [Note the exclusion of nonexistence tables--the author believes that nonexistence tables should be subclasses of the "Controlled Object" class], materialized views and materialized view attributes (and their selectivity). Restriction on these objects is based on their existence. This differs from relational systems in which restriction would likely be based on a membership (possible not-exist) constraint.
Types of Access Contention
To deal with how these access restrictions might work within the database, I'm going to break it down into three different scenarios: read-only access, read/write access and global write operation. The way to take a look at these different access scenarios is by first looking at how the system is built. I'm going to introduce the three types of access contention and then explain how they work.
A Global Write Operation
We're taking a look at a situation where there are two global write operation happening within the database from the same user simultaneously: one that has an update operation and one that has an insert operation. We're going to be able to see what happens when we have these two simultaneous global write operations, simply by looking at what happens on our tables which will correspond with each particular type of access contention.
A Read-Only Access
Here, there is one global write operation that is only allowed to be performed by a read-only procedure. We're going to look at the way that this system works and the potential problems we might see, by looking at three tables: table PNO_VALID, table CO_VALID, table CP_CHANGE.
A Read/Write Access
In this situation we have both types of access contention happening concurrently and thus have multiple write operations being performed on a single table. We will look at the tables in question and see how they work when there are multiple concurrent operations happening on them.
We're going to be looking at five specific scenarios:
Read/write access to a table by a select statement that gets its attributes from the same table. Read/write access to a table by a select statement that gets its attributes from another table. Read-only access by an insert or update statement on an independent local view with global write access. Read/write global write operation on the same table in which two concurrent operations are performed on two different sets of data (inserts and updates). A read-only global write operation in which a procedure is only allowed to perform read operations, with the exception of one single update.
The analysis of the first scenario, read/write access to a table by a select statement that gets its attributes from the same table, is very simple. There is no restriction on the type of data being accessed. This means that, for example, if we have a table ONT_MATERIAL which has an attribute ATT_ID which has fields value 1 and value 2 and is an instance of a Materialized view with
a rules attribute that requires the existence of field ATTR_ID for it to be valid, then any statement including ATTR_ID can be inserted and updated on any row in that table.
We'll refer to this as "read/write access to a table by a select statement that gets its attributes from the same table."
Just like in the first scenario, the analysis of scenario 2 is not very difficult. The only restriction here is that we're not allowed to insert any data into any of the ATTR_ID fields, because they're all read only. We will call this "read/write access to a table by a select statement that gets its attributes from another table."
The third scenario is much more complex than the previous ones. The reason for this is that in this scenario we have two global write operations, one on the table (the insert operation) and one in another table (the update operation). If a global write occurs on the same table that has other concurrent operations happening on it, then again we don't have any restrictions. We will call this "read/write access to a table by a select statement that gets its attributes from another table."
An analysis of the second scenario, read/write access to a table by a select statement that gets its attributes from another table, is very straightforward. Here we're looking at two tables. One is primary ONT_MATERIAL and the other is a local instance of ONT_UPDATE. There are two simple rules to follow: "The primary table ONT_MATERIAL can be selected and can be updated by any statement that references the attribute ATT_ID, but the local table ONT_UPDATE cannot be updated, because it does not have an EXISTENCE constraint on its attribute ATTR_ID."
We'll refer to this as "read/write access to a table by a select statement that gets its attributes from another table."
Schema Setup
In order to accomplish our analysis, we're going to need to set up 5 tables, each with their own attributes. These tables will be
ONT_MATERIAL, ONT_UPDATE, ONT_MATERIAL_VALID, ONT_UPDATE_VALID and ONT_BATCH.
ONT stands for the object type which is either MATERIAL or UPDATE.
The table ONT_MATERIAL has a primary key and an attribute named CUSTOMER_ID which has two values: '1' or '2'. The attribute ATTR_ID contains the value 'P' or 'C' and is also an instance of a Materialized view with a rules attribute that requires that the existence of field ATTR1 for it to be valid. The attribute ATTR_ID has a field value 1 for the primary key. The table ONT_MATERIAL_VALID has a primary key and two attributes: MATERIAL and VALID. The attribute ATTR_ID is an instance of a Materialized view with a rules attribute that requires the existence of field ATTR1 for it to be valid. The table ONT_MATERIAL contains three attributes: CUSTOMER, MATERIAL and VALID. The first value in the attribute CUSTOMER is '1' or '2'. It is read-only. The second value in the attribute CUSTOMER is 'P' or 'C'.
Conclusion
The third scenario, instances of ONT_MATERIAL and ONT_UPDATE, gives us a lot to discuss. The main problem is that in this scenario, the original data cannot be changed by the statement. We know that one of the great advantages of Materialized Views is their ability to be used as a read-only cache for read-only queries. Our problem here is that we have an instance of ONT_MATERIAL which can be read but not updated and another instance of ONT_UPDATE which can be updated but not read.