Use one-to-one to ensure security

database-design

I was reading a book about database design, and I saw this information related to one-to-one relationship:

One-to-one relationships are sometimes also used as part of a security structure. A single entity may be broken into two entities. One will contain publicly viewable content and the second private content. For example, an employee’s information might be broken into two entities.

The first one contains nonsensitive content such as the employee’s name, department, business phone number, and position title. The second table contains sensitive material such as the employee’s social security number, home address, home phone, and salary information. There is a one-to-one relationship between the tables. Each employee has exactly one related record in the private table.

So, my question is: Is it recommended to use this approach for security matters?

Best Answer

Yes and no.

If the main concern is to restrict what is visible to different users, a view will be sufficient.

create schema sensitive_data;
create schema non_sensitive_data;

create view non_sensitive_data.employee as select id, name, department, phone, title from hidden.employee;
create view sensitive_data.employee as select id, salary, ssn from hidden.employee;

Privileged users will be given rights on sensitive_data, non-privileged users on non_sensitive_data. In RDBMSes with support for updatable views the users will access the employee table by means of the view -- and they can only select, update, or delete columns exposed on the view. They don't need access to the hidden schema at all, and can't access the underlying table directly.

However, if there is legal requirement to for example "delete all sensitive employee records as soon as the employee resigns" but you would like to retain the "neutral" employee details because the employee is a foreign key in many entities, then a two-table design might make sense.

Related Solutions

How to model a 1..1 Composition Relationship

Try thinking from the other end of the SDLC. What queries will you be writing? Would there be a performance advantage to holding the foreign key in one place or the other so only one table had to be read from disk?

From the entity types' names I would infer that the foreign keys would never be updated. If so then there is little harm in storing a FK in both Event and in TimePoint. It would make your INSERT logic ever so slightly more complex. If it saved a read-time it might pay off. You know your system best.

Database Design – Relate Two Tables to a Third Table

Here is a suggestion so you can enforce the constraints you want declaratively. (I've simplified the table names a bit, removed the bridge_ prefix.)

We remove footnote_num from:

Table:      a_ref         -- was named:  bridge_a_reference
     a_id, 
     ref_id
Primary key: 
     (a_id, ref_id)
Foreign keys:
     a_id  -> a
     ref_id -> reference

We add this table - which will basically store only those rows from a_ref with footnote, those you want to add children into the b_ref:

Table:      a_ref_with_footnote 
    a_id, 
    ref_id,
    footnote_num
Primary key: 
    (a_id, ref_id)
Unique key:
    (a_id, footnote_num)
Foreign keys: 
    (a_id, ref_id)  -> a_ref

And finally the 3rd table stays as in your design except the foreign keys which now reference the intermediate table (a_ref_with_footnote):

 Table:     b_ref         -- was named: bridge_b_reference:
     a_id, 
     b_id, 
     ref_id,
 Primary key: 
     (b_id, ref_id)
 Foreign keys: 
     (a_id, b_id) -> b
     (a_id, ref_id) -> a_ref_with_footnote

Best Answer

Related Solutions

How to model a 1..1 Composition Relationship

Database Design – Relate Two Tables to a Third Table

Related Question