A Pragmatic Approach to Conceptual Modeling of OLAP Security

  • Torsten Priebe
  • Günther Pernul
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2224)


Traditionally data warehouses were queried by high level users (executive management, business analysts) only. As the range of potential users with data warehouse access is steadily growing, this assumption is no longer appropriate and the necessity of proper access control mechanisms arises. The security capabilities of available commercial OLAP systems are highly proprietary and the syntax of their security constraints is not suitable for design and documentation purposes. Also, approaches trying to derive the access control policies from the operational data sources have not been very successful, as the relational model is predominate in operational systems while OLAP systems make use of the non-traditional multidimensional model. Access control schemes do not map easily. We approach the issue from the application side by introducing a methodology and a language for conceptual OLAP security design.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bulos, D.: A New Dimension. In Database Programming & Design; 6/1996; reprinted in Chamoni, P, Gluchowski, P. (Eds.): Analytische Informationssysteme. Springer; Berlin et al., 1998.Google Scholar
  2. 2.
    Bulos, D., Forsman, S.: Getting Started with ADAPT. Whitepaper, Symmetry Corp.; San Rafael, 1998.Google Scholar
  3. 3.
    Cabibbo, L., Torlone, R.: Querying Multidimensional Databases. Proc. 6th International Workshop on Database Programming Languages (DBPL), Estes Park, CO, USA, August 18–20, 1997.Google Scholar
  4. 4.
    Castano, S., Fugini, M., Martella, G., Samarati P.: Database Security. ACM Press; 1994.Google Scholar
  5. 5.
    Elmasri, R.; Navathe, S.B.: Fundamentals of Database Systems; Addison-Wesley Longman, Inc.; 3rd edition; 2000.Google Scholar
  6. 6.
    Hahn, K., Sapia, C., Blaschka, M.: Automatically Generating OLAP Schemata from Conceptual Graphical Models. Proc. Third ACM International Workshop on Data Warehousing and OLAP (DOLAP 2000), McLean, VA, USA, November 2000.Google Scholar
  7. 7.
    Kimball, R.: Hackers, Crackers, and Spooks; Ensuring that your data warehouse is secure. In DBMS Magazine; April 1997.Google Scholar
  8. 8.
    Mikšovský, P., Matoušek, K., Zach, P.: Application A1 Specification. GOAL Technical Report TR8, INCO-Copernicus project no. 977091, March 1999.Google Scholar
  9. 10.
    Microsoft Corp.: Microsoft SQL Server 2000, Building Applications. Product documentation; Microsoft Corp., 1999.Google Scholar
  10. 11.
    Object Management Group: OMG Unified Modeling Language Specification. Version 1.3; March 2000.Google Scholar
  11. 12.
    Pernul, G., Winiwarter, W., Tjoa A M.: The Entity-Relationship Model for Multilevel Security. In Proc. 12th International Conference on the Entity-Relationship Approach (ER’93); Arlington, Texas, USA, December 15–17, 1993.Google Scholar
  12. 13.
    Priebe, T., Pernul, G.: Towards OLAP Security Design. Survey and Research Issues. Proc. Third ACM International Workshop on Data Warehousing and OLAP (DOLAP 2000), McLean, VA, USA, November 2000.Google Scholar
  13. 14.
    Priebe, T., Pernul, G.: Metadaten-gestützer Data-Warehouse-Entwurf mit ADAPTed UML. To appear in Proc. 5. Internationale Tagung Wirtschaftsinformatik (WI 2001); Augsburg, Germany, September 2001.Google Scholar
  14. 15.
    Rosenthal, A., Sciore, E.: View Security as the Basis for Data Warehouse Security. Proc. of the International Workshop on Design and Management of Data Warehouses (DMDW 2000); Stockholm, Sweden, June 5–6, 2000.Google Scholar
  15. 16.
    Sapia, C., Blaschka, M., Höfling, G., Dinter, B.: Extending the E/R Model for the Multidimensional Paradigm. In Kambayashi, Y. et. al. (Eds.), Advances in Database Technologies; LNCS Vol. 1552; Springer, 1999.Google Scholar
  16. 17.
    Sandhu, R.S., Coyne, E. J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer, Vol. 29, Number 2; February 1996.Google Scholar
  17. 18.
    Steger, J., Günzel, H.: Identifying Security Holes in OLAP Applications. Proc. Fourteenth Annual IFIP WG 11.3 Working Conference on Database Security; Schoorl (near Amsterdam), The Netherlands, August 21–23, 2000.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Torsten Priebe
    • 1
  • Günther Pernul
    • 1
  1. 1.Department of Information SystemsUniversity of EssenEssenGermany

Personalised recommendations