_Authorization Models for Object-Oriented Databases_
by Frank Buddrus


Listing One
class Student inherit Person 
    type tuple ( Year : integer ) 
end;

Listing Two
create rule Student_Year_update 
   on before update Student->Year with o 
     if ( !access( update, o->class_o f, "Year" ) ) 
   do instead { abort( "access violation " ); } 
create rule Student_Year_read 

   on before read Student->Year with o 
     if ( !access( read, o->class_ of, "Year" ) ) 
   do instead { abort( "access violation " ); } 
create rule Student_update 
   on before update Student with o 
     if ( !access( update, o->class_of  ) ) 
   do instead { abort( "access violation " ); } 
create rule Student_read 
   on before read Student with o 
     if ( !access( read, o->class_of  ) ) 
   do instead { abort( "access violation " ); } 


Listing Three
class ( 'Person', ['Name', 'SSN'] ). 
class ( 'Student', ['Year'] ). 
class ( 'ForeignStudent', ['Visa'] ). 

inherits( 'Student', 'Person' ). 
inherits( 'ForeignStudent', 'Student' ). 

Listing Four
expl_access( 'advisor', write, 'Person' ). 
expl_access( 'student_advisor', read, 'Student',' Year' ). 

Listing Five
policy explicit_authorization 
   access(Group, Right, Class, Att ) <- 
        expl_access ( Group, Right, Class, Att ). 
   access( Group, Right, Class ) <- 
        expl_access ( Group, Right, Class ). 
end policy. 


Listing Six
policy inherited_authorization 
   access( Group, Right, SubClass, Att ) <- 
       inherits( SubClass, SuperClasses ), 
       member( SuperClass, SuperClasses ), 
       access( Group, Right, SuperClass, Att ). 
end policy. 


Listing Seven
policy class_access 
   inherited ( Class, Att ) <- 
       class( Class, AttList ), 
       member( Att, AttList ). 
   inherited ( Class, Att ) <- 
       inherits( Class, SuperClasses ), 
       member( SuperClass, SuperClasses ), 
       inherited( SuperClass, Att ). 
   access( Group, Right, Class, Att ) <- 
       inherited( Class , Att ), 
       access( Group, Right, Class ). 
end policy. 

Listing Eight
policy right_domination 
    access( Group, RightA, Class, Att ) <- 
        rdom( RightB, RightA ), 
        access( Group, RightB, Class, Att ). 
    access( Group, RightA, Class ) <- 
        rdom( RightB, RightA ), 
        access( Group, RightB, Class ). 
    rdom( update, read ). 
end policy. 

