1. Field of the Invention
The present invention relates to the management of database systems. More specifically, the present invention relates to a method and an apparatus for facilitating delegated and compartmentalized database user management.
2. Related Art
Application service providers (ASPs) are commonly used to support numerous applications for multiple enterprises, partners and end users. Within an ASP, multiple databases are often combined into a single database instance in order to consolidate information and to save costs. However, this consolidation can create problems, because users belonging to one enterprise can potentially access information belonging to another enterprise that is contained within the same consolidated database. Hence, a consolidated database must be carefully designed to ensure that users of a first application belonging to a first enterprise do not have access to data belonging to a second enterprise.
Within an ASP computer system, it is also advantageous to delegate the management of users to respective organizational administrators, instead of relying on system administrators of the ASP to manage users. This allows an organization administrator to enforce specific policies for the organization. However, delegating management responsibilities also introduces potential problems because system administrators from a first organization can potentially manipulate users or data belonging to a second organization.
Hence, an ASP computer system must be carefully designed to ensure that system administrators belonging to a first organization cannot affect users belonging to a second organization. Designing an ASP computer system with the necessary protections can be challenging if the underlying database system is a table-based relational database system, as opposed to a hierarchical database system. This is because information from different organizations may be stored within a flat namespace in the same relational table.
What is needed is a method and an apparatus for facilitating delegated and compartmentalized management of users within a consolidated database system that supports multiple compartmentalized applications belonging to multiple organizations.
One embodiment of the present invention provides a system that facilitates compartmentalized user management in a database system. This database system is compartmentalized into a plurality of domains that are insulated from each other, so that a given user who has access to data within an associated domain does not have access to data in other domains. Upon receiving a request from a database administrator to perform an operation on a user within the database system, the system identifies a domain that the user is associated with in the database system. Next, the system determines whether the database administrator is authorized to modify users associated with the domain. If so, the system performs the operation by modifying an entry for the user within a user table in the database system that contains an entry for each user of the database system.
In one embodiment of the present invention, the operation on the user can include: creating the user within the database system; altering the domain that the user is associated with in the database system; and dropping the user from the database system.
In one embodiment of the present invention, the system disallows the operation if the database administrator is not authorized to modify users of the domain.
In one embodiment of the present invention, the plurality of domains in the database system are organized into a hierarchy in which each domain can have multiple direct descendents and at most one direct ancestor. In this embodiment, each database administrator for the database system is associated with a given domain in the hierarchy and is authorized to modify users associated with the given domain, as well as users associated with domains that are descendents of the given domain.
In one embodiment of the present invention, each database administrator for the database system is authorized to modify the database administrator""s associated domain, as well as domains that are descendents of the associated domain within the hierarchy.
In one embodiment of the present invention, the system receives a request from the database administrator to perform an operation on a target domain within the database system. In response to this request, the system determines whether the database administrator is authorized to modify the target domain. If so, the system performs the operation by modifying an entry for the target domain within a domain table in the database system that includes an entry for each domain defined within the database system.
In one embodiment of the present invention, the operation on the domain can include: creating the domain within the database system; moving the domain to be under a different parent domain within the database system; dropping the domain from the database system; and renaming the domain.
In one embodiment of the present invention, each entry in the domain table includes a domain identifier, and an identifier for a parent domain.
In one embodiment of the present invention, identifying the domain that the user is associated with involves looking up an identifier for the domain in the entry for the user in the user table, if the entry exists. If the entry does not exist, identifying the domain involves receiving the identifier for the domain as part of the request to perform the operation.