Databases, such as IBM's IMS (Information Management System), are well known in the art. (IMS is a trademark of International Business Machines Corporation in the United States, other countries, or both.) IMS is a hierarchical database management system (HDBMS) with wide spread usage in many large enterprises where high transaction volume, reliability, availability and scalability are of the utmost importance. IMS provides software and interfaces for running the businesses of many of the world's largest corporations.
A large DBMS, such as IMS, is highly scalable and in some enterprise environments may accommodate thousands, or even tens of thousands, of users connected to the system at any given point in time. Furthermore, the information and data managed by the DBMS may be highly sensitive data, critical to the operation of the enterprise as well as critical to the individual users of the DBMS system. Travel reservation systems, inventory control, and online banking systems are some typical examples. Therefore, it is essential that such a DBMS incorporate safeguards whereby each user of the DBMS system is authorized to make various DBMS requests.
Other aspects of a large DBMS include highly reliable operation, such as 24/7 availability, and very fast response time. Even relatively small delays in response time, magnified by thousands of users, are highly detrimental to enterprise productivity. Therefore, the authorization process discussed supra must not significantly delay a user's request to update or retrieve information. To this end, a large DBMS may retain security information for each active user in cache memory for ready access when the need arises. This enhances performance by eliminating I/O processing that would otherwise be required to access the one or more files to obtain the necessary security information required to perform the authorization checking.
Therefore, caching user security information (hereinafter referred to as a cached user security profile) is known in the art and is a valuable technique for enhancing DBMS performance by eliminating I/O operations to retrieve user security information from files when performing authorization checking for the user. However, this presents a significant problem in those situations where the integrity of the cached user security profiles is compromised by changes to the underlying source security information residing in security files. The obligation to support 24/7 precludes the ability to shut the DBMS down, even for a few minutes, to resynchronize all required cached user security profiles with the information residing in the underlying source security files. On the other hand, allowing access to the DBMS using security information that is not current greatly compromises the integrity of the system.
On one extreme, eliminating all caching of security profile information provides for optimum security by always using up-to-date information from the underlying source security files. However, the overall performance of the DBMS system suffers in that every authorization check incurs substantial I/O overhead. On the other extreme, caching security profile information for an indefinite or extended time period provides for optimal performance, but greatly compromises the integrity of the system by increasing the probability that significant changes to the underlying security files may not be reflected within the cached user security profiles on a timely basis.
Accordingly, there is a great need to provide a way to refresh cached user security profiles that allows an enterprise to balance the security risks associated with cached profiles against the I/O performance impact incurred when a refresh occurs. Furthermore, there is a need to provide for dynamic adjustments to refresh intervals depending upon the changing risk of a particular user and/or changing environmental considerations.