Authentication and authorization in a multi-tier relational database management system

Assignee

• Oracle Corporation · US

Inventors

• Gordon Buhle · Ramona, US
• Richard R. Wessman · Redwood City, US

Key dates

Classification

• Technology area (CPC Y)Emerging Cross-Sectional Technologies
• CPC primaryY10S707/99939
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method is provided for ensuring effective and accurate authentication and authorization in an N-tier relational database management system. An N-tier relational database management system comprises a set of clients, one or more data servers and one or more middle-tier servers through which the clients may access the data servers. A method is provided for enabling a middle-tier server to connect to a data server and perform database operations on behalf of a client while promoting the ability to ensure the middle-tier server does not exceed its authorized privileges or roles. In this method a middle-tier server first establishes a session with the data server using the middle-tier server's own identity (e.g., username) and verification (e.g., password). The middle-tier server may be granted limited roles when acting under its own identity in order to prevent it from performing unauditable or unaccountable operations on behalf of clients. The middle-tier server receives from the data server a credential that it provides when it needs to operate on behalf of a client. In this method, after the middle-tier server establishes its own session and receives a credential, it may then esta…