Database fine-grained access control
Abstract
A method and mechanism are provided for accessing data. Values are stored for a set of context attributes associated with a session between a database user and a database server. The database system includes an attribute setting mechanism that selectively restricts access to the set of context attributes based on a policy. During the session, the database server executes a query that contains a reference to one or more of the context attributes. For example, the query may contain a predicate that requires a comparison between a context attribute value and a constant. The database server processes the query based on current values of the one or more of the context attributes referenced in the query. A mechanism is also provided for dynamically attaching predicates to queries, where the predicates are attached based on a policy. For example, the database system detects that a query is issued against a database object. Prior to executing the query, a policy function associated with the database object is invoked. The policy function creates a modified query by selectively adding zero or more predicates to the query based on a policy associated with the database object. The modified query is then executed.
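The two mechanisms in the abstract, a policy-checked context setter and a policy function that attaches predicates before execution, modelled as an added example that is not taken from the patent. It uses SQLite in place of a real database server, and every table, column, attribute and function name in it is hypothetical.

```python
import sqlite3

# Constructed sample data; all table, column and attribute names are hypothetical.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE orders(id INTEGER, region TEXT, amount INTEGER);
INSERT INTO orders VALUES (1,'EMEA',100),(2,'APAC',250),(3,'EMEA',75);
CREATE TABLE ctx_policy(db_user TEXT, attr TEXT, value TEXT);
INSERT INTO ctx_policy VALUES ('alice','region','EMEA'),('carol','role','auditor');
""")

SERVER_ONLY = {"session_user"}   # subset of attributes the client may never change

class Session:
    def __init__(self, db_user):
        # Context lives in server-side session state; the server sets session_user.
        self.ctx = {"session_user": db_user}

def set_context(session, attr, value):
    """Attribute setter: checks policy by database lookup before changing a value."""
    if attr in SERVER_ONLY:
        raise PermissionError(f"{attr} is set by the server only")
    allowed = db.execute(
        "SELECT 1 FROM ctx_policy WHERE db_user=? AND attr=? AND value=?",
        (session.ctx["session_user"], attr, value)).fetchone()
    if not allowed:
        raise PermissionError(f"policy forbids {attr}={value!r}")
    session.ctx[attr] = value

def orders_policy(session, is_write):
    """Policy function: returns zero or more (predicate, params) pairs."""
    if session.ctx.get("role") == "auditor" and not is_write:
        return []                      # zero predicates: auditor reads every row
    # Fail closed: an unset region binds NULL, and "region = NULL" matches no row.
    return [("region = ?", (session.ctx.get("region"),))]

POLICIES = {"orders": orders_policy}   # database object -> policy function

def select_all(session, table):
    """Invoke the object's policy function, then execute the modified query."""
    preds = POLICIES[table](session, is_write=False)  # KeyError if no policy is registered
    sql = f"SELECT id FROM {table}"                   # table name was validated by the lookup
    if preds:
        sql += " WHERE " + " AND ".join(p for p, _ in preds)
    params = [v for _, vals in preds for v in vals]
    return [r[0] for r in db.execute(sql + " ORDER BY id", params)]
```

The caller never writes the `WHERE` clause: the same `select_all` call returns different rows depending only on context values that the setter allowed.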
297 Citations
45 Claims
1. A method for accessing data within a database system, the method comprising the steps of:
storing values for a set of context attributes within the database system;
providing, within said database system, an attribute setting mechanism that selectively restricts access to said set of context attributes based on a policy;
accessing data managed by the database system by performing the steps of:
executing a query that contains a reference to one or more of said context attributes; and
processing said query based on current values of said one or more of said context attributes.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
the step of storing values includes storing values for a set of context attributes associated with a session between a database client and a database server; and
the step of executing a query includes the steps of said database server executing said query during said session.
3. The method of claim 2 wherein the step of storing values for a set of context attributes is performed by storing said values in a portion of server-side memory that is associated with said session.
4. The method of claim 1 further comprising the step of said attribute setting mechanism selectively setting values of context attributes that belong to said set of context attributes in response to messages from a database client.
5. The method of claim 1 wherein the step of providing an attribute setting mechanism includes providing a server-side attribute setting mechanism.
6. The method of claim 4 wherein the step of selectively setting values of context attributes includes:
executing a stored procedure in response to a message from said database client, wherein said message requests that a particular context attribute be set to a particular value;
said stored procedure determining whether said policy allows said database client to set said particular context attribute to said particular value; and
if said policy allows said database client to set said particular context attribute to said particular value, then said stored procedure causing said particular context attribute to be set to said particular value.
7. The method of claim 6 wherein said stored procedure causes said particular context attribute to be set to a particular value by making a call to a routine provided by a database server.
8. The method of claim 7 wherein said routine verifies that said call is from said stored procedure prior to servicing said call.
9. The method of claim 8 wherein said routine verifies that said call is from said stored procedure by inspecting one or more call stacks.
10. The method of claim 1 wherein the step of executing a query that contains a reference to one or more of said context attributes includes executing a query that contains a predicate that contains a reference to a context attribute.
11. The method of claim 10 wherein said predicate requires a comparison between said context attribute and a value specified by an expression.
12. The method of claim 4 wherein the attribute setting mechanism selectively restricts access to said set of context attributes by preventing the database client from changing values associated with a first subset of said set of context attributes.
13. The method of claim 12 wherein a database server automatically sets the values associated with the context attributes that belong to said first subset.
14. The method of claim 4 wherein the attribute setting mechanism performs a database lookup to determine whether the database client is allowed to set a particular context attribute in said set of context attributes.
15. The method of claim 2 wherein the query requires a portion of work to be performed by a foreign database server, the method further comprising the steps of:
said database server sending values for at least one of said context attributes to said foreign database server; and
said foreign database server using said values of at least one of said context attributes to execute said portion of work.
16. A method for executing a query sent to a database server by a database client, the method comprising the steps of:
detecting, within the database server, that the query is issued against a database object;
prior to the database server executing said query, invoking a policy function associated with said database object;
said policy function creating a modified query by selectively adding zero or more predicates to said query based on a policy associated with said database object; and
executing, within said database server, said modified query to access data managed by said database server.
View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
the database server maintains values for a plurality of context attributes; and
the policy function determines which predicates to add to said query based at least in part on current values of one or more of said plurality of context attributes.
18. The method of claim 16 wherein:
the database server maintains values for a plurality of context attributes; and
the step of adding zero or more predicates includes adding at least one predicate that references one or more of said plurality of context attributes.
19. The method of claim 16 wherein the policy function determines which predicates to add to said query based at least in part on whether the query modifies data associated with the database object.
20. The method of claim 16 further comprising the step of the policy function setting a context attribute value.
21. The method of claim 20 wherein:
said database object is a view that accesses a particular table; and
the context attribute value set by the policy function is set to indicate that the particular table is being accessed through the view.
22. The method of claim 17 wherein:
the database object is a table;
the query accesses the table through a view;
a second policy function associated with said view sets a particular context attribute value to indicate that the table is being accessed through the view; and
the policy function determines which predicates to add to said query based at least in part on said particular context attribute value.
23. The method of claim 17 further comprising the steps of:
providing a server-side attribute setting mechanism that selectively restricts access to said plurality of context attributes based on a policy;
said server-side attribute setting mechanism selectively setting values of context attributes that belong to said plurality of context attributes in response to messages from said database client.
24. The method of claim 16 wherein:
the database object is a view that accesses a table; and
the modified query is executed by:
a second policy function associated with said table creating a second modified query by selectively adding zero or more predicates to said modified query based on a second policy associated with said table; and
executing said second modified query.
25. A computer-readable medium carrying one or more sequences of instructions for accessing data managed by a database system, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
storing values for a set of context attributes within the database system;
providing, within said database system, an attribute setting mechanism that selectively restricts access to said set of context attributes based on a policy;
accessing data managed by the database system by performing the steps of:
executing a query that contains a reference to one or more of said context attributes; and
processing said query based on current values of said one or more of said context attributes.
View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
the step of providing an attribute setting mechanism includes providing a server-side attribute setting mechanism; and
the computer-readable medium includes instructions for performing the step of said server-side attribute setting mechanism selectively setting values of context attributes that belong to said set of context attributes in response to messages from said database client.
27. The computer-readable medium of claim 26 wherein the step of selectively setting values of context attributes includes:
executing a stored procedure in response to a message from said database client, wherein said message requests that a particular context attribute be set to a particular value;
said stored procedure determining whether said policy allows said database client to set said particular context attribute to said particular value; and
if said policy allows said database client to set said particular context attribute to said particular value, then said stored procedure causing said particular context attribute to be set to said particular value.
28. The computer-readable medium of claim 27 wherein said stored procedure causes said particular context attribute to be set to a particular value by making a call to a routine provided by the database server.
29. The computer-readable medium of claim 28 wherein said routine verifies that said call is from said stored procedure prior to servicing said call.
30. The computer-readable medium of claim 29 wherein said routine verifies that said call is from said stored procedure by inspecting one or more call stacks.
31. The computer-readable medium of claim 25 wherein the step of executing a query that contains a reference to one or more of said context attributes includes executing a query that contains a predicate that contains a reference to a context attribute.
32. The computer-readable medium of claim 31 wherein said predicate requires a comparison between said context attribute and a value specified by an expression.
33. The computer-readable medium of claim 26 wherein the server-side attribute setting mechanism selectively restricts access to said set of context attributes by preventing the database client from changing values associated with a first subset of said set of context attributes.
34. The computer-readable medium of claim 33 wherein the database server automatically sets the values associated with the context attributes that belong to said first subset.
35. The computer-readable medium of claim 26 wherein the server-side attribute setting mechanism performs a database lookup to determine whether the database client is allowed to set a particular context attribute in said set of context attributes.
36. The computer-readable medium of claim 25 wherein the query requires a portion of work to be performed by a foreign database server, the computer-readable medium further comprising instructions for performing the steps of:
said database server sending values for at least one of said context attributes to said foreign database server; and
said foreign database server using said values for at least one of said context attributes to execute said portion of work.
37. A computer-readable medium carrying one or more sequences of instructions for executing a query sent to a database server by a database client, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
detecting, within the database server, that the query is issued against a database object;
prior to the database server executing said query, invoking a policy function associated with said database object;
said policy function creating a modified query by selectively adding zero or more predicates to said query based on a policy associated with said database object; and
executing, within said database server, said modified query to access data managed by said database server.
View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45)
the database server maintains values for a plurality of context attributes; and
the policy function determines which predicates to add to said query based at least in part on current values of one or more of said plurality of context attributes.
39. The computer-readable medium of claim 37 wherein:
the database server maintains values for a plurality of context attributes; and
the step of adding zero or more predicates includes adding at least one predicate that references one or more of said plurality of context attributes.
40. The computer-readable medium of claim 37 wherein the policy function determines which predicates to add to said query based at least in part on whether the query modifies data associated with the database object.
41. The computer-readable medium of claim 37 further comprising instructions for performing the step of the policy function setting a context attribute value.
42. The computer-readable medium of claim 41 wherein:
said database object is a view that accesses a particular table; and
the context attribute value set by the policy function is set to indicate that the particular table is being accessed through the view.
43. The computer-readable medium of claim 38 wherein:
the database object is a table;
the query accesses the table through a view;
a second policy function associated with said view sets a particular context attribute value to indicate that the table is being accessed through the view; and
the policy function determines which predicates to add to said query based at least in part on said particular context attribute value.
44. The computer-readable medium of claim 38 further comprising instructions for performing the steps of:
providing a server-side attribute setting mechanism that selectively restricts access to said plurality of context attributes based on a policy;
said server-side attribute setting mechanism selectively setting values of context attributes that belong to said plurality of context attributes in response to messages from said database client.
45. The computer-readable medium of claim 37 wherein:
the database object is a view that accesses a table; and
the modified query is executed by:
a second policy function associated with said table creating a second modified query by selectively adding zero or more predicates to said modified query based on a second policy associated with said table; and
executing said second modified query.
Specification