Case Study :
One of the primary benefits of database is their ability to support ad-hoc reporting. In
other words managers can query the database to obtain customised information to
support decision making. However this can lead to ethical violations. Who monitors
the kind of queries a user poses to the database, particularly if it contains personal
data? “ If a company creates a database precisely so that users can do ad hoc
reporting against a relational database, how would you know what’s been extracted
or what it is being used for”? asks a vice-president of systems and technology at
paramount publishing. The real problem is the lack of standards governing the ways
data can be used in an organisation. While many organisations establish policies and
procedures to ensure that only authorised people access the database, few
organisations have any policies to monitor the way those people use the data.
Though ad hoc reporting has many benefits and many organisations use it with
caution, the ability to query a database is a threat of invasion of privacy.
(a) What measures can an organisation take to ensure that tree access to the
organisation’s database does not result in abuse of this access?
(b) How can schemes and subschemes help to ensure that users can view only
that part of the database to which they have authorised access?
Thanx in advance....