ABSTRACT
In Chapter 5 we discussed security policies for database systems. We focused mainly on discretionary security policies including access control, authorization, and administration policies. We also discussed role-based access-control policies. In Part III, we discuss mandatory access-control policies such as policies for multilevel security. In this chapter we discuss policy enforcement issues. In particular, we focus on discretionary security policy enforcement issues. Many of the arguments apply to mandatory security. Policy enforcement for mandatory security is discussed in various chapters in Parts III through V.
