Fine-grained access control for data manipulation language (DML) operations on relational data
US10303894B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 31, 2016 |
| Grant date | May 28, 2019 |
| Priority date | — |
| Expiry date | May 20, 2037 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/101
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Embodiments allow, within database security policies, the grant of data change operation-specific privileges to particular users to be applied within particular data realms in a given table. Furthermore, according to one or more embodiments, User Privilege column-level privileges are explicitly associated with one or more data access operations such that the grant of such a column-level privilege allows the user to perform only those data access operations that are explicitly associated with the column-level privilege. Enforcement of the data security policies includes prevention of data leakage via WHERE and RETURNING INTO clauses. According to one or more embodiments, a two-phase rewrite is used to optimize enforcement of column-level privileges. During the two-phase rewrite of a given query, the privileges checked during enforcement of the User Privilege data security policies are pruned to avoid unnecessary privilege checks given the columns that are accessed in the query.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.