Dynamic auditing
Abstract
A secure database appliance leverages database security in a consistent framework and provides consistent, flexible, and adaptable security, using mandatory access controls in addition to user- and role-based security for access control and accountability. A database system comprises a plurality of database objects, each database object having a level of security; a plurality of factors, each factor representing a characteristic of a user of the database system; at least one database session of the user in the database, the database session having a level of security; and the user connected to the database through a network domain, each network domain having a level of security. The database system is operable to grant or deny access to the data to a user based on the factors associated with the user, the level of security of the data, the level of security of the database session, and the level of security of the network domain.
27 Claims
1. A database system comprising:
    a plurality of database objects, each database object having a level of security;
    an auditing system operable to monitor database operations that are attempted to be performed on the database objects, wherein the auditing system is operable to monitor the database operations based on:
        a plurality of factors, each factor representing a characteristic of a user of the database system,
        a plurality of rules, each rule defining a limitation on operation of the database system by the user based on at least some of the plurality of factors and based on attributes of data to be operated on, including the level of security of the database object of the data to be operated on, and
        a plurality of realms, each realm defining a privilege of the user of the database system relative to a schema of the database system; and
    wherein the rule triggers an audit event, alert, or notification upon success or failure of the rule.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 21

10. A method of operating a database system comprising:
    providing a plurality of database objects, each database object having a level of security;
    monitoring database operations that are attempted to be performed on the database objects, wherein the auditing system is operable to monitor the database operations based on:
        a plurality of factors, each factor representing a characteristic of a user of the database system,
        a plurality of rules, each rule defining a limitation on operation of the database system by the user based on at least some of the plurality of factors and based on attributes of data to be operated on, including the level of security of the database object of the data to be operated on, and
        a plurality of realms, each realm defining a privilege of the user of the database system relative to a schema of the database system; and
    triggering an audit event, alert, or notification upon success or failure of a rule.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 20, 22, 23, 24, 25, 26, 27

19. A computer program product for operating a database system comprising:
    a computer readable medium;
    computer program instructions, recorded on the computer readable medium, executable by a processor, for performing the steps of:
        providing a plurality of database objects, each database object having a level of security;
        monitoring database operations that are attempted to be performed on the database objects, wherein the auditing system is operable to monitor the database operations based on:
            a plurality of factors, each factor representing a characteristic of a user of the database system,
            a plurality of rules, each rule defining a limitation on operation of the database system by the user based on at least some of the plurality of factors and based on attributes of data to be operated on, including the level of security of the database object of the data to be operated on, and
            a plurality of realms, each realm defining a privilege of the user of the database system relative to a schema of the database system; and
        triggering an audit event, alert, or notification upon success or failure of a rule.
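The mechanism shared by independent claims 1, 10 and 19 (factors describing the user, rules limiting operations from those factors and the object's security level, realms granting schema privileges, and an audit event on each rule's success or failure) is illustrated below by an added Python model. It is not code from the patent or any product; the security-level labels, the two rules, the realm grants and the sample requests are all constructed for the example.

```python
from dataclasses import dataclass

# Security levels from lowest to highest; labels and all sample data are constructed.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

@dataclass
class Rule:
    name: str
    check: object   # callable(factors, obj, op) -> True when the operation is allowed
    audit_on: frozenset = frozenset({"success", "failure"})  # outcomes that emit an event

# Realms: schema -> {user: operations that user is privileged to perform in the schema}.
REALMS = {"hr": {"alice": {"select", "update"}, "bob": {"select"}}}

def clearance_covers_object(factors, obj, op):
    # The "clearance" factor must dominate the object's security level.
    return LEVELS[factors.get("clearance", "public")] >= LEVELS[obj["level"]]

def secret_requires_vpn(factors, obj, op):
    # Secret-level objects are only reachable when the "network" factor is the VPN.
    return obj["level"] != "secret" or factors.get("network") == "vpn"

RULES = [Rule("clearance_covers_object", clearance_covers_object),
         Rule("secret_requires_vpn", secret_requires_vpn, audit_on=frozenset({"failure"}))]

def evaluate(user, factors, obj, op, log):
    """Decide one operation, appending audit events to log; returns True if allowed."""
    def emit(check, ok):
        log.append({"user": user, "object": obj["name"], "op": op,
                    "check": check, "outcome": "success" if ok else "failure"})
    # Realm check: the user must hold this operation's privilege in the object's schema.
    allowed = op in REALMS.get(obj["schema"], {}).get(user, set())
    emit("realm", allowed)
    # Rule checks: each rule limits the operation from user factors plus object attributes
    # and emits an audit event only for the outcomes it is configured to report.
    for rule in RULES:
        ok = rule.check(factors, obj, op)
        if ("success" if ok else "failure") in rule.audit_on:
            emit(rule.name, ok)
        allowed = allowed and ok
    return allowed

def demo():
    """Two constructed requests against a secret-level table; returns (decisions, audit log)."""
    salaries = {"name": "hr.salaries", "schema": "hr", "level": "secret"}
    log = []
    a = evaluate("alice", {"clearance": "secret", "network": "vpn"}, salaries, "select", log)
    b = evaluate("bob", {"clearance": "confidential", "network": "office"}, salaries, "select", log)
    return {"alice_select": a, "bob_select": b}, log
```

In the demo, alice's request passes every check and produces two events, while bob's request is denied by both rules and produces three, because `secret_requires_vpn` reports only failures.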