Enterprises are increasingly capturing, storing, and mining a plethora of information related to communications with their customers. Often this information is stored and indexed within databases. Once the information is indexed, queries are developed on an as-needed basis to mine the information from the database for a variety of organizational goals: such as planning, analytics, reporting, etc.
Some information included in the database is confidential, such that an enterprise or an individual may desire to maintain security with respect to accessing and modifying certain information included within the database. Often entire database tables have access to their information restricted based on identifiers of certain users or based on certain roles that users assume when they are authenticated to the database.
Generally, access to resources of a database is restricted at a user-level of granularity. So, if a table of information is accessible to a user, then that entire table is usually accessible to the user. Likewise, if a table is not accessible to a user, then the entire table is probably not accessible to the user. In fact, there is little ability to restrict access to sub portions of a database table. Moreover, even when access is arguably capable of being restricted to sub portions of the table, the table itself often carries security identifiers to enforce security at a sub portion level of granularity. The problem with this approach is that the table can become untoward when access security is carried within the table. This is especially so when updates and/or changes are frequently made to the table, or when the information carried with and security associated with the table is voluminous.
In still other approaches, specific enterprise applications may be developed to sit on top of or monitor the database. These applications may provide security at a sub table portion level of granularity within the database, but they are application specific or application centric. That is, they are not database centric meaning they are not geared to be managed and handled from the point of view a specific piece of data included within the database. These techniques alter interfaces associated with accessing the database to include limitations to enforce more granular security. However, if a user can view and edit the modified interfaces, such as modified SQL statements, then the security can be potentially circumvented and compromised.
Thus, it can be seen that improved and more efficient mechanisms for granular database security are needed.