Patent application number | Description | Published |
--- | --- | --- |
20080271114 | SYSTEM FOR PROVIDING AND UTILIZING A NETWORK TRUSTED CONTEXT - A system for establishing a connection between a data server and a middleware server is disclosed. The system includes defining a plurality of trust attributes corresponding to a trusted context between the middleware server and the data server and validating the plurality of trust attributes against a plurality of attributes corresponding to the middleware server. The plurality of attributes is provided in a connection request. The system also includes establishing the trusted context based on the validation of the plurality of trust attributes. | 10-30-2008 |
20080275880 | ACCESS CONTROL FOR ELEMENTS IN A DATABASE OBJECT - A system for controlling access to elements in a database object is provided. The system provides for receiving a request from a user to access the database object, determining whether an access restriction is imposed on the database object, and controlling access to the elements in the database object by the user based on the access restriction. The access restriction specifies one or more users to which the access restriction is applicable, defines a dynamic condition the one or more users must satisfy in order to access the database object, and identifies one or more of the elements in the database object accessible to the one or more users when the dynamic condition is satisfied. | 11-06-2008 |
20090050695 | EFFICIENT ACCESS RULES ENFORCEMENT MECHANISM FOR LABEL-BASED ACCESS CONTROL - A computer-program product for improving LBAC performance in a database may include assigning a security label to a user of a database. The security label may be one of multiple security labels associated with a security policy of the database. Each of the multiple security labels may then be compared to the user's security label to provide multiple comparison results. These comparison results may be stored in a persistent label comparison results table for later retrieval. Upon receiving a command to read or write to an object in the database, the comparison result associated with the object may be retrieved from the persistent label comparison results table. Access to the object may then be granted or denied based on the comparison result. | 02-26-2009 |
20090063951 | FINE-GRAINED, LABEL-BASED, XML ACCESS CONTROL MODEL - A method for controlling access to an XML document includes referencing a schema definition comprising a path security label definition associated with a sibling-to-sibling path of an XML document. An XML document may then be validated by comparing it with the schema definition. This validation may include verifying that the XML document has a path security label associated with a sibling-to-sibling path that is at least as restrictive as that specified by the path security label definition. An access security label may be assigned to a user seeking to access the sibling-to-sibling path. The path security label and the access security label may then be compared, using pre-determined access rules, to determine whether the user is authorized to access the sibling-to-sibling path. Access to the sibling-to-sibling path may then be granted or denied according to the access rules. | 03-05-2009 |
20090182747 | METHOD AND SYSTEM FOR USING FINE-GRAINED ACCESS CONTROL (FGAC) TO CONTROL ACCESS TO DATA IN A DATABASE - A method and system for controlling access to data stored in a table of a database are provided. The method includes marking the table of the database as being protected with fine-grained access control (FGAC), creating a system authorization class for the table of the database, the system authorization class having a default row authorization that prevents access to all rows in the table, the system authorization class being unmodifiable, creating a user authorization class for the table of the database, the user authorization class having a default row authorization that prevents access to all rows in the table, the user authorization class being modifiable, and associating the system authorization class and the user authorization class with the table of the database. | 07-16-2009 |
20110072031 | Method for modifying a query by use of an external system for managing assignment of user and data classifications - Disclosed is a data processing-implemented method, a data processing system, and an article of manufacture for modifying a query during compilation of the query. The query includes a request for an element of data from a table in a database and parameters identifying the requested element. The data processing-implemented method includes determining available information from parameters for locating a classification of the requested element and a classification associated with the query, the requested data classification controlling access to the requested element according to the query associated classification, requesting a suggested action from an external system for obtaining a comparison of the requested data classification and the query associated classification based on the available information, receiving the suggested action from the external system responsive to the sent request, and incorporating the suggested action into the query, the suggested action effecting comparison of the requested data classification with the query associated classification. | 03-24-2011 |
20120197919 | Masking Sensitive Data of Table Columns Retrieved From a Database - Access to a data element stored within a database object is controlled. A request is received from a user to perform an operation in relation to the database object, the operation including retrieval of information from the data element of the database object. Prior to retrieving information from the data element, a determination is made whether at least a portion of the information from the data element is subject to masking in accordance with an access policy. In response to determining that information from the data element is subject to masking, the request is modified to require that information from the data element be retrieved in a masked condition. | 08-02-2012 |
20120233148 | MANAGING MATERIALIZED QUERY TABLES (MQTS) OVER FINE-GRAINED ACCESS CONTROL (FGAC) PROTECTED TABLES - Provided are techniques for creating one or more fine-grained access control rules that are associated with a base table. A materialized query table is created from the base table without applying the one or more fine-grained access control rules associated with the base table when obtaining data from the base table. A fine-grained access control protection indicator is turned on for the materialized query table. In response to receiving a direct access request to the materialized query table in a query referencing the materialized query table, access is provided to the data in the materialized query table by applying one or more fine-grained access control rules associated directly with the materialized query table to the data in the materialized query table before returning the data. | 09-13-2012 |
20130086088 | Query Transformation for Masking Data Within Database Objects - According to one embodiment of the present invention, a system processes a database query, and comprises a computer system including at least one processor. The system identifies one or more expressions within the database query utilizing a database object with value masking. Masking requirements are determined for each identified expression and the database object utilized by that identified expression is replicated to provide masked and actual versions of that database object in response to the masking requirements for that expression including masked values and actual values of that database object. The value masking of the database object is applied to the identified expressions within the database query based on the determined masking requirements to produce search results with masked values for the database query. Embodiments of the present invention further include a method and computer program product for processing a database query in substantially the same manner described above. | 04-04-2013 |