Security execution context for a database management system

  • US 7,747,597 B2
  • Filed: 06/29/2005
  • Issued: 06/29/2010
  • Est. Priority Date: 06/29/2005
  • Status: Active Grant
First Claim

1. A system that provides a secure context within a multi-domain database management system, comprising:

  • at least one processor coupled to memory that executes;

    a caller's stored procedure to access at least one resource contained in a disparate domain, wherein the stored procedure is annotated with an execute as clause to impersonate a principal of the disparate domain other than the caller of the stored procedure, wherein the execute as clause identifies the impersonated principal, and that when the execute as clause is executed, a security context for the impersonated principal is implemented by pushing the security context for the impersonated principal into a stack of execution contexts and popping the security context from the stack of execution contexts when the stored procedure terminates irrespective of the principal actually calling the stored procedure, enabling the caller to operate in a security context different from that of the caller;

    an access component that validates an identity of the impersonated principal in the disparate domain and controls access to the resources of the disparate domain based at least in part on the privileges of an authenticator, wherein the authenticator's privileges are assigned by an administrator of the disparate domain; and

    a mapping component that maps a security context to an identity provisioned in the disparate domain if the authenticator's credentials are determined to be trusted.
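
The mechanism in this claim can be modeled in a few lines of Python. This is an added illustration, not code from the patent or from any product: the `Session`, `Domain` and `execute_as` names, the `hr` and `sales` domains, and every principal and grant are assumptions constructed for the example.

```python
from collections import namedtuple

# Constructed model: every name and value here is illustrative, not from the patent.
Context = namedtuple("Context", "principal domain authenticator")

class Session:
    def __init__(self, login):
        self.stack = [login]                  # bottom entry: the caller's own context
    @property
    def current(self):
        return self.stack[-1]                 # access checks always use the top entry

def execute_as(principal, domain, authenticator):
    """Annotate a procedure so it runs as `principal`, whoever calls it."""
    def decorate(proc):
        def run(session, *args):
            session.stack.append(Context(principal, domain, authenticator))  # push
            try:
                return proc(session, *args)
            finally:
                session.stack.pop()           # pop on normal return and on error
        return run
    return decorate

class Domain:
    def __init__(self, name, grants, trusted, mapping):
        self.name, self.grants = name, grants
        self.trusted = trusted                # authenticators this domain's admin trusts
        self.mapping = mapping                # (origin domain, principal) -> local identity
    def read(self, session, resource):
        ctx = session.current
        if ctx.domain == self.name:           # same domain: no mapping needed
            local = ctx.principal
        elif ctx.authenticator in self.trusted:
            local = self.mapping.get((ctx.domain, ctx.principal))
        else:                                 # untrusted authenticator: context is not mapped
            raise PermissionError(f"{ctx.authenticator!r} is not trusted by {self.name}")
        if resource not in self.grants.get(local, ()):
            raise PermissionError(f"{local!r} has no access to {resource!r}")
        return f"{resource} read as {local}"

SALES = Domain("sales", {"report_reader": {"orders"}}, {"hr_owner"},
               {("hr", "reporting_svc"): "report_reader"})

@execute_as("reporting_svc", "hr", "hr_owner")
def get_orders(session):
    return SALES.read(session, "orders")
```

The `finally` clause is the security-relevant detail: if the pop were skipped when the procedure raised, the caller would keep the impersonated context after the call returned.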