1. Field of the Invention
In general, the invention provides a method, system, and program product for managing access to data items in a database. Specifically, the invention manages access to data items arranged into a hierarchy of nodes based on access entries associated with the hierarchy of nodes and one or more user properties of an accessing user.
2. Background Art
It is often desirable to maintain various types of data in a hierarchical structure. For example, a catalog of products can be represented in a hierarchy (i.e., clothes/men/winter/gloves, etc.). Further, a relational database management system (RDBMS) is often desired to manage the data. As a result, several solutions have been proposed for maintaining data in a hierarchical structure within a relational database.
In multi-user environments, users may be granted varied access rights to access/modify data in the hierarchical structure. For example, one user may have rights to read or modify data, while another user may only be able to read data. In existing systems, access control is generally performed at a system level by the operating system. However, it is often desirable to perform access control at an application level, based on a user identification or other user property. Managing access control at this level allows applications to fine-tune the access-control scheme to their needs. However, current application-level implementations require the inclusion of operation-specific data filtering capability at various locations in the application that perform operations on the data stored in the relational database.
As a result, there exists a need for a simplified method, system, and program product that efficiently manages access to data in a relational database above the system level.