Method for monitoring stored procedures
Abstract
A method for monitoring stored procedures is disclosed. The method performs on-line and inline monitoring of stored procedures for detecting table access operations performed by the procedures. This allows the enforcing of access control policies, correlation rules and audit rules on stored procedures. The monitoring is performed using mapping information gathered about each stored procedure that can be executed by a database server. The method comprises parsing an incoming transaction submitted by a client; determining whether the incoming transaction includes an invocation of a stored procedure; obtaining a query group corresponding to the stored procedure; applying an access control policy on the query group; and asserting an unauthorized event if the query group is not compliant with the access control policy.
22 Claims
1. A method performed by a computer system having a processor and a memory coupled to the processor, comprising:
- generating table access data for a stored procedure of a database, the generating comprising;
  - determining from a data dictionary a list of table names on which the stored procedure depends;
  - for each of the table names in the list, detecting a table access operation command in a Structured Query Language (SQL) statement to be performed on that table in a source code of the stored procedure; and
  - saving as the table access data a correspondence of the detected table access operation commands and the table names for the stored procedure; and
- transmitting the table access data to a secure gateway configured to, responsive to receipt of a transaction submitted by a client that invokes the stored procedure, use the table access data to monitor access through the stored procedure to the tables.

Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory computer readable storage medium that provides instructions that, when executed by a processor of a computer system, will cause the computer system to perform operations comprising:
- generating table access data for a stored procedure of a database, the generating comprising;
  - determining from a data dictionary a list of table names on which the stored procedure depends;
  - for each of the table names in the list, detecting a table access operation command in a Structured Query Language (SQL) statement to be performed on that table in a source code of the stored procedure; and
  - saving as the table access data a correspondence of the detected table access operation commands and the table names for the stored procedure; and
- transmitting the table access data to a secure gateway configured to, responsive to receipt of a transaction submitted by a client that invokes the stored procedure, use the table access data to monitor access through the stored procedure to the tables.

Dependent claims: 8, 9, 10, 11, 12
13. A method performed by a computer system having a processor and a memory coupled to the processor for generating table access data for a stored procedure of a database, wherein the stored procedure includes table access operation commands in one or more Structured Query Language (SQL) statements to be performed on tables of the database, wherein the tables have table names, the method comprising:
- opening a connection to the database;
- sending a command to the database to cause it to run an execution plan for the stored procedure to generate a report, wherein the execution plan indicates how the database plans to execute the stored procedure;
- receiving the report from the database;
- generating the table access data from the report, the table access data storing a correspondence of the table access operation commands to the table names within the stored procedure; and
- transmitting the table access data to a secure gateway configured to, responsive to receipt of transactions submitted by clients that invoke the stored procedure, use the table access data to monitor access through the stored procedure to the tables.

Dependent claims: 14, 15, 16, 17
18. A non-transitory computer-readable storage medium storing instructions for a processor of a processing device, which, when executed by the processor, cause the processor to generate table access data for a stored procedure of a database, wherein the stored procedure includes table access operation commands in one or more Structured Query Language (SQL) statements to be performed on tables of the database, wherein the tables have table names, by performing operations comprising:
- opening a connection to the database;
- sending a command to the database to cause it to run an execution plan for the stored procedure to generate a report, wherein the execution plan indicates how the database plans to execute the stored procedure;
- receiving the report from the database;
- generating the table access data from the report, the table access data storing a correspondence of the table access operation commands to the table names within the stored procedure; and
- transmitting the table access data to a secure gateway configured to, responsive to receipt of transactions submitted by clients that invoke the stored procedure, use the table access data to monitor access through the stored procedure to the tables.

Dependent claims: 19, 20, 21, 22
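The two halves described in the abstract and in claim 1, sketched as an added example that is not code from the patent or its assignee: building the table access data from a dependency list plus procedure source, then using it at a gateway to check a transaction that invokes the procedure. The procedure, tables, policy and the `CALL`/`EXEC` invocation pattern are constructed assumptions, and flagging unmapped procedures is a choice made in this example.

```python
import re

# Constructed sample inputs (not from the patent): a data-dictionary dependency
# list and the source text of one stored procedure.
DEPENDENCIES = {"archive_orders": ["orders", "orders_archive", "customers"]}
SOURCE = {"archive_orders": """
    INSERT INTO orders_archive SELECT o.* FROM orders o
      JOIN customers c ON c.id = o.cust_id WHERE o.closed = 1;
    DELETE FROM orders WHERE closed = 1;
    UPDATE customers SET last_archived = NOW();
"""}

WRITE_TARGET = re.compile(r"^\s*(INSERT)\s+INTO\s+(\w+)|^\s*(UPDATE)\s+(\w+)|"
                          r"^\s*(DELETE)\s+FROM\s+(\w+)", re.I)
INVOKE = re.compile(r"\b(?:CALL|EXEC(?:UTE)?)\s+(\w+)", re.I)

def build_table_access(proc):
    """Map each dependent table to the SQL commands the procedure runs on it."""
    access = {t: set() for t in DEPENDENCIES[proc]}
    for stmt in filter(str.strip, SOURCE[proc].split(";")):
        m = WRITE_TARGET.match(stmt)
        groups = [g for g in m.groups() if g] if m else []
        verb, target = (groups[0].upper(), groups[1].lower()) if groups else ("SELECT", None)
        for table in access:
            if not re.search(rf"\b{re.escape(table)}\b", stmt, re.I):
                continue
            # The write target gets the statement's verb; any other table
            # named in the same statement is only read.
            access[table].add(verb if table == target else "SELECT")
    return access

def check_transaction(user, sql_text, access_data, policy):
    """Return unauthorized (procedure, command, table) events for one transaction."""
    events = []
    for proc in INVOKE.findall(sql_text):
        query_group = access_data.get(proc.lower())
        if query_group is None:  # assumption of this example: unmapped is flagged
            events.append((proc, "UNMAPPED", None))
            continue
        for table, commands in sorted(query_group.items()):
            for cmd in sorted(commands - policy.get(user, {}).get(table, set())):
                events.append((proc, cmd, table))
    return events

ACCESS_DATA = {"archive_orders": build_table_access("archive_orders")}
POLICY = {"report_svc": {"orders": {"SELECT"}, "customers": {"SELECT"}}}  # constructed

if __name__ == "__main__":
    print(check_transaction("report_svc", "CALL archive_orders();", ACCESS_DATA, POLICY))
```

A read-only account invoking `archive_orders` is reported for the `UPDATE`, `DELETE` and `INSERT` the procedure performs, even though the client's own statement names no table.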
Specification