Question

Suppose the MyBook.org company has three other employees of different roles. Alice: only need to retrieve book names from the database Bob: need to insert book names into the database Cob: needs to know the basic information of the table, such as the status of the table, when it was created, etc, but doesn't need to see the content in the table.

Q6: Should the company grant the same permissions to them? Briefly explain why.

Answer 1

Answer :

In my view point , company gets harm only when any changes or modification will be done without their consent .

So in scenario 1 where Alice wants to know the names of books present , permission for the same should be granted as this information is not confidential neither by reading the book names table will go through any changes .
Hence, scneario 1 should get the permission grant .

Now for scenario 2 where Bob needs to insert book names into database will make the database update with some data , and this updation should be violated which mean permission should not be granted as this will result into modification into the database , and if it is not done by the consent of office people then this act can lead to take serious action against bob.
Hence, for scenario 2 permission should not be granted .

Scenario 3 asks cob to know basic details of the table , i think which also should be hindered from seeing as some attributes may be of the type which should not be known to everybody like ownership, table creation date and all.These information should better be with the database employees only.Though retreiveing these information wil not result into any modification but database person also need to maintain some confidentialty which should not be known to everyone is not required .
Hence , for scenario 3 permission should not be granted .