Implementations of Access Matix

• Global table:

  • A set of ordered triples <domain, object, right-set>. (a cell in the martix).
  • Difficult to take advantage of grouping of objects and/or domains (if a particular object can be read by everyone it must have a separate entry in every domain).
  • Table is usually large (storage).

• Access control list:

  • A list of sets (one per object). Each set has ordered pairs <domain, right-set>. (a column in the matrix).
  • Domains with no access to this objects can be discarded.
  • Can be improved by having a default set that applies to all objects.

Previous slide

Next slide

Back to first slide

View graphic version