Fine-grained access control for data manipulation language (DML) operations on relational data

Fine-grained access control for data manipulation language (DML) operations on relational data

Embodiments allow, within database security policies, the grant of data change operation-specific privileges to particular users to be applied within particular data realms in a given table. Furthermore, according to one or more embodiments, User Privilege column-level privileges are explicitly asso...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Liang, Chao, Ru, Yi, Ahmed, Tanvir, Pesati, Vikram Reddy
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Liang, Chao
Ru, Yi
Ahmed, Tanvir
Pesati, Vikram Reddy
description Embodiments allow, within database security policies, the grant of data change operation-specific privileges to particular users to be applied within particular data realms in a given table. Furthermore, according to one or more embodiments, User Privilege column-level privileges are explicitly associated with one or more data access operations such that the grant of such a column-level privilege allows the user to perform only those data access operations that are explicitly associated with the column-level privilege. Enforcement of the data security policies includes prevention of data leakage via WHERE and RETURNING INTO clauses. According to one or more embodiments, a two-phase rewrite is used to optimize enforcement of column-level privileges. During the two-phase rewrite of a given query, the privileges checked during enforcement of the User Privilege data security policies are pruned to avoid unnecessary privilege checks given the columns that are accessed in the query.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US11386221B2</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US11386221B2</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US11386221B23</originalsourceid><addsrcrecordid>eNqNi7sOwjAMALMwIOAfzAZDh6QSYuZRMcAErFRW6kaRgh0l6f9TFT6A6Ya7m6tX45kql3BEB2gt5QxWuCQJ0EuCDgvCG9nHIWDxwhCQ3YCOYHO6XbcgkdIkMowy0bfCMJ1LNesxZFr9uFDr5vw4XiqK0lKOaImptM-71vV-Z4w-mPqf5gPqzDwP</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Fine-grained access control for data manipulation language (DML) operations on relational data</title><source>esp@cenet</source><creator>Liang, Chao ; Ru, Yi ; Ahmed, Tanvir ; Pesati, Vikram Reddy</creator><creatorcontrib>Liang, Chao ; Ru, Yi ; Ahmed, Tanvir ; Pesati, Vikram Reddy</creatorcontrib><description>Embodiments allow, within database security policies, the grant of data change operation-specific privileges to particular users to be applied within particular data realms in a given table. Furthermore, according to one or more embodiments, User Privilege column-level privileges are explicitly associated with one or more data access operations such that the grant of such a column-level privilege allows the user to perform only those data access operations that are explicitly associated with the column-level privilege. Enforcement of the data security policies includes prevention of data leakage via WHERE and RETURNING INTO clauses. According to one or more embodiments, a two-phase rewrite is used to optimize enforcement of column-level privileges. During the two-phase rewrite of a given query, the privileges checked during enforcement of the User Privilege data security policies are pruned to avoid unnecessary privilege checks given the columns that are accessed in the query.</description><language>eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRIC DIGITAL DATA PROCESSING ; ELECTRICITY ; PHYSICS ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2022</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20220712&amp;DB=EPODOC&amp;CC=US&amp;NR=11386221B2$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20220712&amp;DB=EPODOC&amp;CC=US&amp;NR=11386221B2$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Liang, Chao</creatorcontrib><creatorcontrib>Ru, Yi</creatorcontrib><creatorcontrib>Ahmed, Tanvir</creatorcontrib><creatorcontrib>Pesati, Vikram Reddy</creatorcontrib><title>Fine-grained access control for data manipulation language (DML) operations on relational data</title><description>Embodiments allow, within database security policies, the grant of data change operation-specific privileges to particular users to be applied within particular data realms in a given table. Furthermore, according to one or more embodiments, User Privilege column-level privileges are explicitly associated with one or more data access operations such that the grant of such a column-level privilege allows the user to perform only those data access operations that are explicitly associated with the column-level privilege. Enforcement of the data security policies includes prevention of data leakage via WHERE and RETURNING INTO clauses. According to one or more embodiments, a two-phase rewrite is used to optimize enforcement of column-level privileges. During the two-phase rewrite of a given query, the privileges checked during enforcement of the User Privilege data security policies are pruned to avoid unnecessary privilege checks given the columns that are accessed in the query.</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>ELECTRICITY</subject><subject>PHYSICS</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2022</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNi7sOwjAMALMwIOAfzAZDh6QSYuZRMcAErFRW6kaRgh0l6f9TFT6A6Ya7m6tX45kql3BEB2gt5QxWuCQJ0EuCDgvCG9nHIWDxwhCQ3YCOYHO6XbcgkdIkMowy0bfCMJ1LNesxZFr9uFDr5vw4XiqK0lKOaImptM-71vV-Z4w-mPqf5gPqzDwP</recordid><startdate>20220712</startdate><enddate>20220712</enddate><creator>Liang, Chao</creator><creator>Ru, Yi</creator><creator>Ahmed, Tanvir</creator><creator>Pesati, Vikram Reddy</creator><scope>EVB</scope></search><sort><creationdate>20220712</creationdate><title>Fine-grained access control for data manipulation language (DML) operations on relational data</title><author>Liang, Chao ; Ru, Yi ; Ahmed, Tanvir ; Pesati, Vikram Reddy</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US11386221B23</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2022</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>ELECTRICITY</topic><topic>PHYSICS</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>Liang, Chao</creatorcontrib><creatorcontrib>Ru, Yi</creatorcontrib><creatorcontrib>Ahmed, Tanvir</creatorcontrib><creatorcontrib>Pesati, Vikram Reddy</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Liang, Chao</au><au>Ru, Yi</au><au>Ahmed, Tanvir</au><au>Pesati, Vikram Reddy</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Fine-grained access control for data manipulation language (DML) operations on relational data</title><date>2022-07-12</date><risdate>2022</risdate><abstract>Embodiments allow, within database security policies, the grant of data change operation-specific privileges to particular users to be applied within particular data realms in a given table. Furthermore, according to one or more embodiments, User Privilege column-level privileges are explicitly associated with one or more data access operations such that the grant of such a column-level privilege allows the user to perform only those data access operations that are explicitly associated with the column-level privilege. Enforcement of the data security policies includes prevention of data leakage via WHERE and RETURNING INTO clauses. According to one or more embodiments, a two-phase rewrite is used to optimize enforcement of column-level privileges. During the two-phase rewrite of a given query, the privileges checked during enforcement of the User Privilege data security policies are pruned to avoid unnecessary privilege checks given the columns that are accessed in the query.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng
recordid cdi_epo_espacenet_US11386221B2
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title Fine-grained access control for data manipulation language (DML) operations on relational data
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T01%3A00%3A38IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Liang,%20Chao&rft.date=2022-07-12&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS11386221B2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true