Автоматизированное создание правил управления доступом к данным средствами СУБД

Прикладные программы доступа к базам данных в корпоративной информационной системе с целью обеспечения гибкости политики безопасности при доступе к данным требуют управления доступом через программирование механизма доступа на уровне строк и столбцов таблиц БД (Row Level Security). Рост числа пользователей и таблиц в БД увеличивает сложность этого процесса управления. Предлагается метод автоматизированного создания правил управления доступом к данным программными средствами активных СУБД для сокращения числа операций при создании пользовательских пространств. Предложен алгоритм для автоматического создания SQL-запросов Row Level Security механизма, который подходит для большинства СУБД, использующих избирательное управление доступом. Метод использует структурно-должностную иерархию пользователей, словари базы данных и программные шаблоны операций управления доступом в различных СУБД.Database applications in enterprise information system for flexibility of security policy large require the Row Level Security mechanism. Large number of users and tables in database increases the process complexity of administration. In this paper, we propose automated design method of hierarchical access control in database to reduce the number of operations for user data spaces creation. An algorithm for automatic creation of SQL-queries in the Row Level Security, which is suitable for most databases using the Discretionary Access Control, is proposed. Method uses structural-post hierarchy users, database dictionary and templates of access control commands for different DBMS

АВТОМАТИЗИРОВАННОЕ СОЗДАНИЕ ПРАВИЛ УПРАВЛЕНИЯ ДОСТУПОМ К ДАННЫМ СРЕДСТВАМИ СУБД

Прикладные программы доступа к базам данных в корпоративной информационной системе с целью обеспечения гибкости политики безопасности при доступе к данным требуют управления доступом через программирование механизма доступа на уровне строк и столбцов таблиц БД (Row Level Security). Рост числа пользователей и таблиц в БД увеличивает сложность этого процесса управления. Предлагается метод автоматизированного создания правил управления доступом к данным программными средствами активных СУБД для сокращения числа операций при создании пользовательских пространств. Предложен алгоритм для автоматического создания SQL-запросов Row Level Security механизма, который подходит для большинства СУБД, использующих избирательное управление доступом. Метод использует структурно-должностную иерархию пользователей, словари базы данных и программные шаблоны операций управления доступом в различных СУБД.\ud \ud Database applications in enterprise information system for flexibility of security policy large require the Row Level Security mechanism. Large number of users and tables in database increases the process complexity of administration. In this paper, we propose automated design method of hierarchical access control in database to reduce the number of operations for user data spaces creation. An algorithm for automatic creation of SQL-queries in the Row Level Security, which is suitable for most databases using the Discretionary Access Control, is proposed. Method uses structural-post hierarchy users, database dictionary and templates of access control commands for different DBMS.\u

What health care for undocumented migrants in Belgium?

n/

Information Flow Model for Commercial Security

Information flow in Discretionary Access Control (DAC) is a well-known difficult problem. This paper formalizes the fundamental concepts and establishes a theory of information flow security. A DAC system is information flow secure (IFS), if any data never flows into the hands of owner’s enemies (explicitly denial access list.

The influence of banks on auditor choice and auditor reporting in Japan

Debt as opposed to equity as the major source of financing and the influence of banks on the corporate governance of listed companies are unique features of the Japanese business environment. This thesis investigates how these features affect the choice of auditor by Japanese listed companies and auditor reporting by Japanese CPA firms on those companies. Pong and Kita (2006) provided some univariate analyses and indicated that Japanese companies tended to select the same external auditors as their main banks to reduce the agency costs. In this thesis, I further examine the influence of main banks on auditor selection by logistic regression and also investigate the influence of main banks on auditor reporting quality after controlling self-selection bias. Using data from Japanese listed companies in the Tokyo Stock Exchange over the 2002-2008 period, I provide empirical evidence that companies with more reliance on main bank loans are more likely to choose their main banks’ external auditors. Using the Propensity Score Matching method and the Heckman two-step binary probit model to control for self-selection bias, the empirical results support the hypothesis that main bank auditors are more likely to issue modified opinions to the borrowing companies than non-main bank auditors, providing evidence of higher audit quality from main bank auditors. As a sensitivity test, I also use discretionary accruals as a measure of audit quality. the results indicate that companies who choose the same auditors as their main banks have higher audit quality than companies who choose different auditors from their main banks. My thesis contributes to the existing auditing literature in several ways. First, by studying the influence of debt financing on auditor choice and auditor reporting, this thesis extends the auditor market research that focuses mainly on the role of auditors in equity markets to the bank-based market. Furthermore, this thesis also complements auditing research on the influence of institutions on audit quality

Judicial Review of European Administrative Procedure

Schwarze examines the requirements set down in the case law of the Court of Justice and the Court of First Instance that serve to guarantee a fair and impartial administrative process. He also considers whether improvements should be made to the design of the administrative process and, if so, what kind

Access agreements, widening participation and market positionality: enabling student choice?

This chapter presents an alternative view of marketised higher education form much of this volume: not only does it focus on how HEIs use marketing strategies to position themselves ethically in relation to competing HEIs of the same type; it also uses the concept of widening participation (WP) as a specific arena of institutions' marketing strategies and discusses the impact on student choice. It will locate evidence for increasing market positionality among HEIs within both marketing theory and in the historical development of widening participation policy in the English HE sector. More specifically this chapter will discuss how Office for Fair Access (OFFA) access agreements came to reflect the marketing positionality of institutions. It will present an analysis of bursary and additional support regimes and types of outreach activities that reveals a tendency for more prestigious and less prestigious institutions to engage in quite different forms of widening participation activity. It will conclude that, paradoxically, the increasingly sophisticated use of widening participation as an arena for market differentiation reduces rather than increases applicants' ability to make informed choices given the complexity of student support arrangements