Updatable and Non-updatable Views
Updatable View: An updatable view is a view in a database that allows users to perform insert, update, and delete operations on the underlying tables through the view itself. This means that any changes made to the view are reflected in the base tables that the view is built upon, as long as certain conditions are met. Typically, updatable views are those that represent a simple query on a single table or a set of tables without complex joins or aggregate functions. Example: If you have a view that displays customer data (name, address, and phone number) from a single customer table, you can directly update the data in that view, and it will modify the corresponding data in the customer table.
Non-updatable View: A non-updatable view, on the other hand, is a view that does not allow modifications (insert, update, or delete) to be directly performed on it. These views usually involve complex queries that aggregate data, join multiple tables, or use functions that prevent the database from identifying a clear correspondence between the view and the underlying data. Example: If you have a view that shows aggregated data (like the sum of sales per region), it would not be updatable because the database cannot figure out how to map changes in the aggregated result back to individual rows in the base tables.
Authorization Control Complexity in Distributed Databases (DDB)
Authorization control in distributed database systems (DDB) is more complex than in centralized systems because of several key challenges:
- Distributed Nature: Data is stored across multiple locations, and users might have access to data stored at different sites. Ensuring that proper permissions are granted at each site can be difficult, and conflicts between local and global authorizations can arise.
- Data Redundancy and Replication: In DDBs, data is often replicated across multiple nodes for fault tolerance and availability. Ensuring consistent authorization policies across all copies of the data becomes challenging since access control has to be enforced uniformly on all replicas.
- Heterogeneity: Distributed databases often consist of different types of systems (such as relational, object-oriented, or NoSQL databases) that may implement different authorization models. Managing and synchronizing these models across all systems is complex.
- Global and Local Authorization: In a distributed system, each site may have its own local authorization rules, but users may need access to data across multiple sites. Managing the overlap and ensuring that users can only access data they are authorized to view across the entire distributed system adds complexity.
- Concurrency and Deadlock: In distributed systems, concurrent access to the same data by multiple users may lead to conflicts or deadlocks when trying to apply authorization rules. Managing access without causing delays or inconsistencies is a challenge.
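The replication problem above can be checked mechanically. The following added example (not part of the original page) compares the grants held by each replica and reports sites that have drifted. The site names, principals and the majority-vote baseline are assumptions made for illustration; where an authoritative policy source exists, compare against that instead.

```python
from collections import Counter

# Constructed sample: grants each replica site holds for the same table.
# Each grant is a (principal, object, privilege) tuple.
REPLICA_GRANTS = {
    "site_a": {("alice", "orders", "SELECT"), ("alice", "orders", "UPDATE"),
               ("bob", "orders", "SELECT")},
    "site_b": {("alice", "orders", "SELECT"), ("alice", "orders", "UPDATE"),
               ("bob", "orders", "SELECT")},
    # Drifted replica: one grant was never revoked here, one never arrived.
    "site_c": {("alice", "orders", "SELECT"), ("bob", "orders", "SELECT"),
               ("bob", "orders", "DELETE")},
}

def find_acl_drift(replica_grants):
    """Return {site: {"extra": set, "missing": set}} for replicas that differ.

    Assumption: a grant belongs to the baseline when more than half of the
    sites hold it. "extra" grants are privileges only this replica allows.
    """
    n_sites = len(replica_grants)
    counts = Counter(g for grants in replica_grants.values() for g in grants)
    baseline = {g for g, c in counts.items() if c * 2 > n_sites}
    drift = {}
    for site, grants in replica_grants.items():
        extra, missing = grants - baseline, baseline - grants
        if extra or missing:
            drift[site] = {"extra": extra, "missing": missing}
    return drift

if __name__ == "__main__":
    for site, diff in find_acl_drift(REPLICA_GRANTS).items():
        print(site, "extra:", sorted(diff["extra"]),
              "missing:", sorted(diff["missing"]))
```

An "extra" grant is the case to prioritise: a request routed to that replica would succeed even though the other copies would refuse it.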
Possible Solutions to Manage Authorization Control Complexities
To manage the complexities of authorization control in distributed databases, several solutions can be implemented:
- Centralized Authorization Management: A centralized security or authorization server can be used to store and manage user permissions across all distributed nodes. This server can ensure uniformity in access control policies and allow easy updates to authorization rules. However, the server itself must be kept available and redundant so that it does not become a single point of failure.
- Role-Based Access Control (RBAC): Implementing RBAC across the distributed system helps simplify the management of permissions. Users can be assigned roles, and each role has a defined set of permissions that apply uniformly across the entire system. This reduces complexity by grouping permissions based on roles rather than on individual users.
- Distributed Access Control Lists (ACLs): Instead of maintaining authorization rules individually on each site, distributed access control lists (ACLs) can be used. These ACLs can store permissions for each user and data object across different sites, ensuring that access control is enforced consistently in the distributed system.
- Replicated and Federated Authentication: In environments where data is replicated across multiple sites, replicated authentication and authorization mechanisms can be used. This means that when a user is authenticated at one site, their permissions are automatically synchronized across all replicated sites, ensuring consistent access rights.
- Encryption and Fine-Grained Access Control: Encrypting data and implementing fine-grained access controls add a further layer of security. Even if a user gains unauthorized access to certain data, encryption ensures they cannot read or modify it unless they have the appropriate keys or permissions.
- Use of Middleware: Middleware solutions can abstract the authorization complexity by acting as an intermediary between the user and the distributed database. The middleware can enforce consistent authorization policies across different database systems and ensure that access control decisions are applied correctly regardless of where the data is stored.
- Audit Logs and Monitoring: Continuously monitoring access to data and maintaining detailed audit logs can help detect and resolve unauthorized access attempts or discrepancies in authorization across distributed sites. These logs can also help administrators identify potential security breaches and take corrective actions quickly.
Hence, by combining these approaches, organizations can manage the complexities of authorization control in distributed databases and ensure a secure, well-governed system.
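As an added example (not from the original page), the sketch below combines three of the approaches listed: a central RBAC policy, a site-local rule that may narrow but never widen global rights, and an audit record for every decision. The role names, users, site names and the `authorize` and `denied_events` helpers are hypothetical.

```python
import json
from datetime import datetime, timezone

# Constructed global RBAC policy, as a central authorization server would hold it.
ROLE_PERMS = {
    "analyst": {("sales", "SELECT")},
    "clerk": {("sales", "SELECT"), ("sales", "UPDATE")},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"clerk"}}

# Constructed site-local restrictions: a site can only remove rights.
SITE_DENY = {"site_eu": {("sales", "UPDATE")}}

def authorize(user, site, obj, action, audit_log):
    """Allow only if a global role grants the permission AND the site does not
    deny it. Unknown users and unknown roles fall through to deny."""
    perm = (obj, action)
    roles = USER_ROLES.get(user, set())
    global_ok = any(perm in ROLE_PERMS.get(role, set()) for role in roles)
    local_ok = perm not in SITE_DENY.get(site, set())
    allowed = global_ok and local_ok
    if allowed:
        reason = "ok"
    else:
        reason = "no_role_grant" if not global_ok else "site_deny"
    # Every decision is logged, including grants, so reviewers can correlate
    # decisions across sites.
    audit_log.append(json.dumps({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user, "site": site, "object": obj, "action": action,
        "allowed": allowed, "reason": reason,
    }))
    return allowed

def denied_events(audit_log):
    """Return the parsed audit records for refused requests."""
    return [e for e in map(json.loads, audit_log) if not e["allowed"]]

if __name__ == "__main__":
    log = []
    print(authorize("bob", "site_us", "sales", "UPDATE", log))  # global and local allow
    print(authorize("bob", "site_eu", "sales", "UPDATE", log))  # local site denies
    print(denied_events(log))
```

Because the local check can only subtract from what the global policy grants, a misconfigured site cannot give a user more access than the central policy intends.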