Abstract

When defining Access Control Policies for XML Databases administrators need to make sure that they are not inconsistent, this is, that it is not possible to perform a forbidden operation through a sequence of allowed operations. This problem has been studied before for policies defined using authorizations based in insert, delete, replace and replaceVal types to control updates in documents that conform to structured DTDs and chain DTDs. For those policies, consistency can be checked in polynomial time, but the problem of minimally restoring consistency is np-hard. In this article we show how the administration of authorization can be simplified by considering only insert and delete permissions, while still being able to control access of replace updates, in such a way that they can be checked for consistency and repaired if they are not in polynomial time. Also, this simplified policies allow to control a more general class of updates than the ones previously studied.