Authorization in SQL is currently at the level of tables or columns. Many applications need a finer level of control. We propose a model for fine-grained authorization based on adding predicates to authorization grants. Our model supports predicated authorization to specific columns, cell-level authorization with nullification, authorization for function/procedure execution, and grants with grant option. Our model also incorporates other novel features, such as query defined user groups, and authorization groups, which are designed to simplify administration of authorizations. Our model is designed to be a strict generalization of the current SQL authorization mechanism.
Surajit Chaudhuri, Tanmoy Dutta, S. Sudarshan