Database fine-grained access control

US 20050038783A1
Filed: 09/15/2004
Published: 02/17/2005
Est. Priority Date: 10/05/1998
Status: Active Grant

First Claim

Patent Images

1. A method for executing a query, the method comprising the steps of:

a database server creating a modified query by adding one or more predicates to said query; and

in response to a request to execute the query, executing said modified query instead of said query.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and mechanism are provided for accessing data. Values are stored for a set of context attributes associated with a session between a database user and a database server. The database system includes an attribute setting mechanism that selectively restricts access to the set of context attributes based on a policy. During the session, the database server executes a query that contains a reference to one or more of the context attributes. For example, the query may contain a predicate that requires a comparison between a context attribute value and a constant. The database server processes the query based on current values of the one or more of the context attributes referenced in the query. A mechanism is also provided for dynamically attaching predicates to queries, where the predicates are attached based on a policy. For example, the database system detects that a query is issued against a database object. Prior to executing the query, a policy function associated with the database object is invoked. The policy function creates a modified query by selectively adding zero or more predicates to the query based on a policy associated with the database object. The modified query is then executed.

70 Citations

View as Search Results

34 Claims

1. A method for executing a query, the method comprising the steps of:
- a database server creating a modified query by adding one or more predicates to said query; and
  
  in response to a request to execute the query, executing said modified query instead of said query.
- View Dependent Claims (2, 3, 4, 5, 6, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1 wherein:
    - the database server receives the query from a particular source; and
      
      the method further comprises selecting the one or more predicates to add to said query based on one or more characteristics of the source.
  - 3. The method of claim 2 wherein:
    - the particular source is a particular user; and
      
      the step of selecting the one or more predicates to add to said query is performed based on one or more characteristics of the particular user.
  - 4. The method of claim 1 wherein the step of creating the modified query is performed in response to the database server receiving the query from a database application.
  - 5. The method of claim 1 wherein:
    - the query operates on data within a database; and
      
      the step of creating a modified query is performed automatically by the database server based on a policy function stored within said database.
  - 6. The method of claim 1 wherein the step of creating the modified query is performed based on one or more context attribute values stored in server-side volatile memory.
  - 18. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 1.
  - 19. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 2.
  - 20. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 3.
  - 21. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 4.
  - 22. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 5.
  - 23. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 6.

7. A method for executing a query, the method comprising the steps of:
- a database server creating a modified query based on the query, wherein the modified query selects a subset of the data that is selected by said query; and
  
  executing, within said database server, said modified query instead of said query.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 8. The method of claim 7 wherein:
    - a database server receives the query from a particular source; and
      
      the method further comprises the database server determining how to modify the query to create the modified query based on one or more characteristics of the particular source.
  - 9. The method of claim 8 wherein:
    - the particular source is a particular user; and
      
      the step of selecting the one or more predicates to add to said query is performed based on one or more characteristics of the particular user.
  - 10. The method of claim 7 wherein the step of creating the modified query is performed in response to the database server receiving the query from a database application.
  - 11. The method of claim 7 wherein:
    - the query operates on data within a database; and
      
      the step of creating a modified query is performed automatically by the database server based on a policy function stored within said database.
  - 12. The method of claim 7 wherein the step of creating the modified query is performed based on one or more context attribute values stored in server-side volatile memory.
  - 13. The method of claim 12 further comprising setting one or more of said context attribute values to a particular value by making a call to a routine provided by a database server.
  - 14. The method of claim 13 wherein said routine verifies that said call is from a stored procedure prior to servicing said call.
  - 15. The method of claim 14 wherein said routine verifies that said call is from said stored procedure by inspecting one or more call stacks.
  - 16. The method of claim 7 wherein the query selects a particular set of rows from a database table, and the modified query selects a subset of the particular set of rows.
  - 17. The method of claim 7 wherein the step of creating a modified query includes adding to the query a predicate that requires a comparison between a context attribute and a value specified by an expression.
  - 24. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 7.
  - 25. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 8.
  - 26. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 9.
  - 27. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 10.
  - 28. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 11.
  - 29. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 12.
  - 30. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 13.
  - 31. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 14.
  - 32. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 15.
  - 33. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 16.
  - 34. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 17.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chon Hei Lei, Douglas James Mcmahon
Original Assignee
Chon Hei Lei, Douglas James Mcmahon
Inventors
Lei, Chon Hei, McMahon, Douglas James

Granted Patent

US 7,281,003 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/2457   with adaptation to user needs

G06F 21/6218   to a system of files or obj...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99934   Query formulation, input pr...

Y10S 707/99935   Query augmenting and refini...

Database fine-grained access control

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Database fine-grained access control

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links