☜ | OMI - AuthorizationDraft MDC Standard | ☞ |
Most database management systems provide authorization, the determination that the user has authority for the requested operation on a database. The system performs the function if authorized and returns an error to the application program if not.
A survey of M[UMPS] implementations revealed a wide variety of authorization methods. In most – but not all – only 1 user gets a user ID and several users share a group ID. Each database item is associated with a user ID and a group ID. (The association may be with the file that holds the globals, the globals themselves, or parts of globals). Different privileges for different operations then derive from matches of the user ID and group ID.
Most of the surveyed implementations perform authorization on the server node, where the necessary information is stored. At least 1, however, performs all authorization on the client node by consulting a list of authorized globals for each user and sending only authorized requests to the server.
Finding no method subsuming both cases, the designers chose authorization on the server (described in 4.5.5), recognizing the additional implementation cost for those who presently perform authorization on the client.
Vendors may wish to let their servers recognize a "super-user" ID, given all privileges, for sessions with clients that send only authorized requests.
Copyright © Standard Documents; 1977-2024 MUMPS Development Committee;
Copyright © Examples: 1995-2024 Ed de Moel;
Copyright © Annotations: 2003-2008 Jacquard Systems Research
Copyright © Annotations: 2008-2024 Ed de Moel.
Some specifications are "approved for inclusion in a future standard". Note that the MUMPS Development Committee cannot guarantee that such future standards will indeed be published.
This page most recently updated on 13-Sep-2014, 14:30:08.
For comments, contact Ed de Moel (demoel@jacquardsystems.com)