Attribute relevant access control policies
First Claim
1. A method for executing database commands, comprising the computer-implemented steps of:
- receiving a database command that references a set of attributes of a database object;
determining which attributes of the set of attributes are referenced in the database command; and
based on which of the attributes are referenced, determining whether to modify the database command prior to executing the database command.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for attribute relevant access control policies is provided. According to one embodiment, a determination is made as to whether to modify a query based on which attributes of a database object are referenced in the query. Further, if the query references one or more attributes of the database object that are restricted, the query may be modified based on attribute restriction metadata. According to another embodiment, users are restricted from accessing data from the restricted attributes by masking the data before returning it to the users. According to yet another embodiment, certain data from restricted attributes may be masked before returning it to users while other data from restricted attributes may be returned without modification.
178 Citations
20 Claims
-
1. A method for executing database commands, comprising the computer-implemented steps of:
-
receiving a database command that references a set of attributes of a database object;
determining which attributes of the set of attributes are referenced in the database command; and
based on which of the attributes are referenced, determining whether to modify the database command prior to executing the database command. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 20)
-
-
12. A method for executing database commands, comprising the computer-implemented steps of:
-
receiving a database command that references a set of attributes of a database object;
determining which attributes in the set of attributes are restricted; and
generating a result set;
wherein the result set includes a set of rows;
wherein each row in the set of rows includes values for each attribute of the set of attributes;
wherein, for at least one row of the set of rows, values for restricted attributes in the set of attributes are not values from the database object. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
Specification