Database security objective: is the goal to ensure only authorized users perform authorized activities at authorized times?

Difficulty: Easy

Correct Answer: Valid statement

Explanation:


Introduction / Context:
Security in database systems aims to protect confidentiality, integrity, and availability (CIA). The statement summarizes access control: who can do what, and when. This question checks whether that phrasing aligns with core security principles.


Given Data / Assumptions:

  • Authorization covers operations (SELECT, INSERT, UPDATE, DELETE, EXECUTE), objects (tables, views, procedures), and context (time, location, application).
  • Authentication verifies identity; authorization grants privileges; auditing records activity.
  • Additional controls include encryption, row-level security, masking, and policies.


Concept / Approach:
The phrase “authorized users, authorized activities, authorized times” reflects least privilege and policy-based access control. Time-based or context-based constraints (e.g., business hours) are part of advanced authorization policies.


Step-by-Step Solution:
  • Map the statement to CIA: stopping unauthorized actions preserves confidentiality and integrity; timing constraints can support availability and compliance.
  • Recognize this is a concise articulation of access control objectives.
  • Therefore, the statement is valid.


Verification / Alternative check:
Review DBMS features such as GRANT/REVOKE, row filters, and policy-based access (e.g., session context) that implement “who/what/when.”


Why Other Options Are Wrong:
Limiting to roles or read-only misses the breadth of security; encryption is orthogonal to authorization.


Common Pitfalls:
Confusing authentication with authorization; over-granting privileges; ignoring temporal restrictions where required by policy.


Final Answer:
Valid statement
