Column masking of tables
Abstract
Returning rows having column values masked is disclosed. In response to receiving a database command, a modified database command is created that specifies whether to mask a value by returning a mask of the value instead of the value. In an embodiment, the condition expression is included in a policy function that is referenced by a policy. In an embodiment, the policy determines how the condition expressions are used. The condition expression may be used to determine which column values to mask. The condition expression may also be used to filter which rows are returned.
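The rewrite described in the abstract, as an added illustration (not code from the patent or from any product). The `emp` table, the policy dictionary, the use of a `CASE` expression and the choice of `NULL` as the mask are all assumptions made for the example.

```python
import sqlite3

# Assumed policy: masked column -> condition under which the real value is returned.
# Conditions are trusted, administrator-authored text; user context is bound as a parameter.
MASK_POLICY = {"salary": "dept = :user_dept"}

# Constructed sample data.
ROWS = [("alice", "eng", 120), ("bob", "sales", 90), ("carol", "eng", 110)]


def rewrite_select(columns, table, policy, row_predicate=None):
    """Return the modified command for SELECT <columns> FROM <table>."""
    for ident in [table, *columns]:
        if not ident.isidentifier():  # refuse anything that is not a plain name
            raise ValueError(f"bad identifier: {ident!r}")
    select_list = []
    for col in columns:
        cond = policy.get(col)
        if cond is None:
            select_list.append(col)  # unprotected column passes through
        else:
            # The mask (NULL, an assumption) is returned instead of the value.
            select_list.append(f"CASE WHEN {cond} THEN {col} ELSE NULL END AS {col}")
    sql = f"SELECT {', '.join(select_list)} FROM {table}"
    if row_predicate:  # zero or more added predicates filter rows
        sql += f" WHERE {row_predicate}"
    return sql


def run_as(user_dept, row_predicate=None):
    """Execute the rewritten command against an in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE emp (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO emp VALUES (?, ?, ?)", ROWS)
    sql = rewrite_select(["name", "dept", "salary"], "emp", MASK_POLICY, row_predicate)
    return conn.execute(sql + " ORDER BY name", {"user_dept": user_dept}).fetchall()


if __name__ == "__main__":
    print(rewrite_select(["name", "salary"], "emp", MASK_POLICY))
    print(run_as("eng"))                       # other departments' salaries masked
    print(run_as("eng", "dept = :user_dept"))  # rows filtered as well
```

With no row predicate every row is returned and only the protected column is masked; with a predicate the same condition also filters which rows come back.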
20 Claims
1. A machine-implemented method for managing access to data, the method comprising the steps of:
detecting that a database command is issued;
wherein said database command requires access to at least one column in a table;
rewriting said database command by creating a modified database command, based on the database command;
wherein the modified database command specifies whether to mask a value of at least one column by returning a mask of the value instead of the value; and
executing said modified database command.
10. A machine-implemented method for managing access to data, the method comprising the steps of:
detecting that a database command is issued;
detecting that said database command requires access to at least one column in a table;
in response to detecting that the database command requires access to the at least one column, creating a modified database command by selectively adding zero or more predicates that are satisfied by rows in said table to which said user is permitted access.
11. A machine-readable medium carrying one or more sequences of instructions, which when executed by one or more processors, causes the one or more processors to perform a method comprising the steps of:
detecting that a database command is issued;
wherein said database command requires access to at least one column in a table;
rewriting said database command by creating a modified database command, based on the database command;
wherein the modified database command specifies whether to mask a value of at least one column by returning a mask of the value instead of the value; and
executing said modified database command.
20. A machine-readable medium carrying one or more sequences of instructions, which when executed by one or more processors, causes the one or more processors to perform a method comprising the steps of:
detecting that a database command is issued;
detecting that said database command requires access to at least one column in a table;
in response to detecting that the database command requires access to the at least one column, creating a modified database command by selectively adding zero or more predicates that are satisfied by rows in said table to which said user is permitted access.
Specification