Skip to Main Content
A technique is presented for analyzing the relationships among the predicates in a predicate-based security model for database management systems. The principal tool of the technique is the Boolean difference, which is used to examine the relationships among the predicates when users are allowed to be members of more than one user group. The effects of deleting or adding predicates on the user group definition are identified by the technique. The technique is most valuable to information security authorizers who define and maintain access-control rules.