ROW-LEVEL SECURITY IN A RELATIONAL DATABASE MANAGEMENT SYSTEM
First Claim
1. A method of controlling access to a relational database, comprising:
receiving a user request for data from the database, the request including a request to perform a database operation and a user security label;
determining user security information from the user security label;
retrieving, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;
determining row security information for each of the retrieved rows based on the row's security label;
determining, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information by determining if the user security information dominates the row security information; and
returning only the rows for which the user is determined to have authorization to access.
1 Assignment
0 Petitions
Abstract
An access control system and access control methods provide multilevel and mandatory access control for a database management system. The access control techniques provide access control at the row level in a relational database table. The database table contains a security label column within which is recorded a security label that is defined within a hierarchical security scheme. A user's security label is encoded with security information concerning the user. When a user requests access to a row, a security mechanism compares the user's security information with the security information in the row. If the user's security dominates the row's security, the user is given access to the row.
40 Claims
1. (Text as set out under First Claim above.) - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 34)
9. (canceled)
10. An apparatus for use within a database management system having a data manager and a database for determining whether a user is authorized to perform a requested operation on a row of data held within the database, the user being associated with a user security label and the row having a row security label, the apparatus comprising:
a user security unit having recorded therein a hierarchy of security labels;
a read security unit connected to the user security unit and between the data manager and the database, and configured to return the row from the database to the data manager only if the user security label is located in the hierarchy at a level with privileges that are greater than or equal to privileges for a level in the hierarchy at which the row security label is located. - View Dependent Claims (12, 13, 14, 15, 16)
11. (canceled)
17. A program product embodied on a computer readable medium, for controlling access to a relational database, comprising program instructions which when executed cause a computer to:
receive a user request for data from the database, the request including a request to perform a database operation and a user security label;
determine user security information from the user security label;
retrieve, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;
determine row security information for each of the retrieved rows based on the row's security label;
determine, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information by determining if the user security information dominates the row security information; and
return only the rows for which the user is determined to have authorization to access. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
25. (canceled)
26. A method of controlling access to data in at least one row of a database, wherein said at least one row is associated with row-level access control information, the method comprising:
receiving a request from a user to operate on the database;
applying mandatory access control rules to rows of the database satisfying the request by comparing, for each row of the database satisfying the request, a security level associated with the user with a security level associated with the row; and
returning data from the row if the security level associated with the row is at least a subset of the security level of the user. - View Dependent Claims (27, 28, 29, 30)
31. A method of controlling a user's access to data in rows of a database, wherein each row is associated with a first access level within an access level hierarchy, and the user is associated with a second access level within the access level hierarchy, wherein each access level is associated with one or more privileges and the access levels are related in a hierarchical manner, the method comprising:
receiving a request from the user to operate on the database;
determining whether the user is authorized to operate on a row of the database that satisfies the request by determining whether privileges associated with the first access level are included in the privileges associated with the second access level, by determining if the second access level dominates the first access level; and
returning data from the row only if the user is determined to be authorized to operate on the row. - View Dependent Claims (32, 33)
35. A method for making a computer implemented process to enable controlling access to a relational database, said method comprising:
instantiating first computer instructions onto a computer readable medium said first instructions configured to receive a user request for data from the database, the request including a request to perform a database operation and a user security label;
instantiating second computer instructions onto a computer readable medium said second instructions configured to determine user security information from the user security label;
instantiating third computer instructions onto a computer readable medium said third instructions configured to retrieve, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;
instantiating fourth computer instructions onto a computer readable medium said fourth instructions configured to determine row security information for each of the retrieved rows based on the row's security label;
instantiating fifth computer instructions onto a computer readable medium said fifth instructions configured to determine, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information by determining if the user security information dominates the row security information; and
instantiating sixth computer instructions onto a computer readable medium said sixth instructions configured to return only the rows for which the user is determined to have authorization to access, wherein the user security label is one of a plurality of security labels arranged in a hierarchy of security levels, wherein the user is determined to be authorized to access the retrieved row only if the user security label corresponds to a security level having greater than or equal degree of access than a security level indicated by the retrieved row's security label and only if the retrieved row's security label corresponds to security categories that are a proper subset of security categories corresponding to the user security label. - View Dependent Claims (36, 37, 38, 39, 40)
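The mechanism recited in the Abstract, in claim 10 (a read security unit sitting between the data manager and the database) and in claim 35 (a level hierarchy plus a category test), worked through as an added example in Python on SQLite. This is illustration written for this page, not the patentee's code. The label syntax "LEVEL:CAT1,CAT2", the four level names, the table and the sample rows are all assumptions. The example uses the ordinary non-strict subset relation for categories, so a user holding exactly the row's categories is granted access, whereas the wording of claim 35 ("proper subset") would deny that case. A label that cannot be decoded on either side fails closed.

```python
import sqlite3
from dataclasses import dataclass

# Added example, not code from the patent. Label syntax "LEVEL:CAT1,CAT2" and
# the four level names below are assumptions chosen for illustration.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class SecurityInfo:
    """Security information decoded from a label: a rank in the level
    hierarchy plus a set of compartment categories."""
    level: int
    categories: frozenset


def parse_label(label):
    """Decode 'LEVEL:CAT1,CAT2' into SecurityInfo.

    Anything malformed (non-string, missing colon, unknown level name) yields
    None so that every caller fails closed instead of granting access."""
    if not isinstance(label, str) or ":" not in label:
        return None
    level_name, _, cats = label.partition(":")
    level = LEVELS.get(level_name.strip().upper())
    if level is None:
        return None
    categories = frozenset(c.strip().upper() for c in cats.split(",") if c.strip())
    return SecurityInfo(level, categories)


def dominates(user_info, row_info):
    """Dominance test: the user's level is at least the row's level and the
    row's categories are a (non-strict) subset of the user's categories.
    Either side undecodable means no access."""
    if user_info is None or row_info is None:
        return False
    return user_info.level >= row_info.level and row_info.categories <= user_info.categories


def label_dominates(user_label, row_label):
    return dominates(parse_label(user_label), parse_label(row_label))


# Constructed sample rows, each carrying its own security label column.
# Row 5 has an unknown level name and must never be returned to anyone.
SAMPLE_ROWS = [
    (1, "weather summary", "UNCLASSIFIED:"),
    (2, "quarterly budget", "CONFIDENTIAL:FINANCE"),
    (3, "key rotation schedule", "SECRET:CRYPTO"),
    (4, "reactor control design", "SECRET:NUCLEAR,CRYPTO"),
    (5, "mislabelled record", "ULTRA:CRYPTO"),
]


def build_db():
    """In-memory table with a security_label column, plus the dominance test
    registered as a SQL function so it is evaluated per row inside the engine."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE intel (id INTEGER PRIMARY KEY, body TEXT, security_label TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO intel VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.create_function("dominates", 2, lambda u, r: 1 if label_dominates(u, r) else 0)
    return conn


def read_ids(conn, user_label, body_like="%"):
    """Read security unit: the data manager's predicate (body LIKE ?) selects
    candidate rows, then only rows whose label the user's label dominates are
    returned. Both values are bound as parameters, never interpolated."""
    sql = (
        "SELECT id FROM intel "
        "WHERE body LIKE ? AND dominates(?, security_label) = 1 "
        "ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql, (body_like, user_label))]


if __name__ == "__main__":
    db = build_db()
    for user in ("UNCLASSIFIED:", "CONFIDENTIAL:FINANCE", "SECRET:CRYPTO",
                 "TOP_SECRET:NUCLEAR,CRYPTO,FINANCE", "BOGUS:EVERYTHING"):
        print(f"{user:40s} -> rows {read_ids(db, user)}")
```

Registering the dominance test as a SQL function keeps the filter inside the query that the data manager issues, so no unfiltered row ever crosses back to the caller; the alternative of fetching the candidate rows and discarding the undominated ones in application code matches the claim wording just as well but leaves a window in which the full result set exists outside the engine.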
Specification