On Restricted Set of DML Operations in an ERP System’s Database

Abstract

Information security is very important and critical indicator of reliability and efficiency of modern information systems. Violation of information integrity and availability usually causes to financial and reputational losses and incorrect decision making for owners of information. This paper proposes some approaches to avoid these information threads with the restricted set of DML operations that are available to users of an ERP system. These approaches are based on an analysis of semantics of data modification operations in terms of ERP-system developers and ERP security system violators that results special rules of applying certain DML operations during data processing. The analysis allowed identifying potential losses that may be caused by unauthorized usage of DML operations like inserting incorrect and redundant information, erasing necessary information, information faking, erasing the traces of previous interventions into the ERP system, blocking database data objects etc. The proposed approach to adapting the database schema to store the whole history of data records processing as regular data provides elimination of these losses because of disallowing the UPDATE operation and controlling the ability to use the DELETE operation for different types of ERP-system users.