Row-level security in a relational database management system

US 20040044655A1
Filed: 09/04/2002
Published: 03/04/2004
Est. Priority Date: 09/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to a relational database, comprising:

receiving a user request for data from the database, the request including a request to perform a database operation and a user security label;

determining user security information from the user security label;

retrieving, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;

determining row security information for each of the retrieved rows based on the row'"'"'s security label;

determining, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information; and

returning only the rows for which the user is determined to have authorization to access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access control system and access control methods provide multilevel and mandatory access control for a database management system. The access control techniques provide access control at the row level in a relational database table. The database table contains a security label column within which is recorded a security label that is defined within a hierarchical security scheme. A user'"'"'s security label is encoded with security information concerning the user. When a user requests access to a row, a security mechanism compares the user'"'"'s security information with the security information in the row. If the user'"'"'s security dominates the row'"'"'s security, the user is given access to the row.

136 Citations

33 Claims

1. A method of controlling access to a relational database, comprising:
- receiving a user request for data from the database, the request including a request to perform a database operation and a user security label;
  
  determining user security information from the user security label;
  
  retrieving, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;
  
  determining row security information for each of the retrieved rows based on the row'"'"'s security label;
  
  determining, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information; and
  
  returning only the rows for which the user is determined to have authorization to access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the request does not contain a query of a view.
  - 3. The method of claim 1, wherein the request does not require a join of a table containing access control information for limiting user access to the database.
  - 4. The method of claim 1, wherein the database operation is a query.
  - 5. The method of claim 1, wherein the database operation involves a row update.
  - 6. The method of claim 1, wherein said determining row security information includes checking a cache for row security information corresponding to the row'"'"'s security label.
  - 7. The method of claim 1, wherein the user security label is one of plurality of security labels arranged in a hierarchy of security levels.
  - 8. The method of claim 7, wherein the user is determined to be authorized to access the retrieved row only if the user security label corresponds to a security level having a greater than or equal degree of access than a security level indicated by the retrieved row'"'"'s security label.
  - 9. The method of claim 8, wherein the user is further determined to be authorized to access the retrieved row only if the retrieved row'"'"'s security label corresponds to security categories that are a proper subset of security categories corresponding to the user security label.

10. An apparatus for use within a database management system having a data manager and a database, for determining whether a user is authorized to perform a requested operation on a row of data held within the database, the user being associated with a user security label and the row having a row security label, the apparatus comprising:
- a user security unit having recorded therein a hierarchy of security labels;
  
  a read security unit connected to the user security unit and between the data manager and the database, and configured to return the row from the database to the data manager only if the user security label is located in the hierarchy at a level with privileges that are greater than or equal to privileges for a level in the hierarchy at which the row security label is located.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The apparatus of claim 10, wherein the security labels within the security hierarchy indicate security categories associated with the security labels, and wherein the read security unit is configured to return the requested row from the database to the data manager only if security categories associated with the row security label are a proper subset of security categories associated with the user security label.
  - 12. The apparatus of claim 10, further comprising a write security unit connected to the data security unit and between the data manager and the database, and configured to set the row security label to the same value as the user security label if the requested operation is a row update operation.
  - 13. The apparatus of claim 12, wherein the write security unit is further configured to set the row security label with a level lower than the user security level if the user is authorized to update rows with a lower level security label and if security categories specified for the lower level security label are a proper subset of security categories associated with the user security label.
  - 14. The apparatus of claim 10, wherein the requested operation is submitted in a request from a user that does not contain a view operation.
  - 15. The apparatus of claim 10, wherein the requested operation does not require a join of a table containing access control information for limiting user access to the database.
  - 16. The apparatus of claim 10, further comprising a cache configured to store security information associated with a cached security label, wherein the read access control unit uses the security information in the cache if the row security label matches the cached security label.

17. A program product embodied on a computer readable medium, for controlling access to a relational database, comprising:
- program instructions for receiving a user request for data from the database, the request including a request to perform a database operation and a user security label;
  
  program instructions for determining user security information from the user security label;
  
  program instructions for retrieving, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;
  
  program instructions for determining row security information for each of the retrieved rows based on the row'"'"'s security label;
  
  program instructions for determining, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information; and
  
  program instructions for returning only the rows for which the user is determined to have authorization to access.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. The program product of claim 17, wherein the request does not contain a query of a view.
  - 19. The program product of claim 17, wherein the request does not require a join of a table containing access control information for limiting user access to the database.
  - 20. The program product of claim 17, wherein the database operation is a query.
  - 21. The program product of claim 17, wherein the database operation involves a row update.
  - 22. The program product of claim 17, wherein said program instructions for determining row security information includes program instructions for checking a cache for row security information corresponding to the row'"'"'s security label.
  - 23. The program product of claim 17, wherein the user security label is one of plurality of security labels arranged in a hierarchy of security levels.
  - 24. The program product of claim 23, wherein the user is determined to be authorized to access the retrieved row only if the user security label corresponds to a security level having greater than or equal degree of access than a security level indicated by the retrieved row'"'"'s security label.
  - 25. The program product of claim 24, wherein the user is further determined to be authorized to access the retrieved row only if the retrieved row'"'"'s security label corresponds to security categories that are a proper subset of security categories corresponding to the user security label.

26. A method of controlling access to data in at least one row of a database, wherein said at least one row is associated with row-level access control information, the method comprising:
- receiving a request from a user to operate on the database;
  
  applying mandatory access control rules to rows of the database satisfying the request by comparing, for each row of the database satisfying the request, a security level associated with the user with a security level associated with the row; and
  
  returning data from the row if the security level associated with the row is at least a subset of the security level of the user.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The method of claim 26, wherein the request is not a request for a predefined view of the database to limit access to said at least one row of the database.
  - 28. The method of claim 26, wherein the method does not modify the received request to limit access to said at least one row of the database.
  - 29. The method of claim 26, wherein the request is a Structured Query Language (SQL) query.
  - 30. The method of claim 26, wherein the database is comprised of a plurality of tables and the received request includes a request for access to at least one of the plurality of tables.

31. A method of controlling a user'"'"'s access to data in rows of a database, wherein each row is associated with a first access level within an access level hierarchy, and the user is associated with a second access level within the access level hierarchy, wherein each access level is associated with one or more privileges and the access levels are related in a hierarchical manner, the method comprising:
- receiving a request from the user to operate on the database;
  
  determining whether the user is authorized to operate on a row of the database that satisfies the request by determining whether privileges associated with the first access level are included in the privileges associated with the second access level; and
  
  returning data from the row only if the user is determined to be authorized to operate on the row.
- View Dependent Claims (32, 33)
- - 32. The method of claim 31, wherein the request does not contain a request for a view operation.
  - 33. The method of claim 31, wherein the request does not require a join of a table containing access control information for limiting user access to the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Miller, Roger Lee, Cotner, Curt

Granted Patent

US 7,240,046 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/3
CPC Class Codes

G06F 16/21   Design, administration or m...

G06F 16/284   Relational databases

G06F 21/6227   where protection concerns t...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2145   Inheriting rights or proper...

Y10S 707/954   Relational

Y10S 707/956   Hierarchical

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99934   Query formulation, input pr...

Y10S 707/99935   Query augmenting and refini...

Y10S 707/99939   Privileged access

Row-level security in a relational database management system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

136 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Row-level security in a relational database management system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links