The present invention relates to a data access control apparatus for limiting data access in accordance with user attributes.
In a conventional data access control apparatus for accessing a database in accordance with a relational database management system (RDBMS), access right information is set using a database language "SQL", and the database access is controlled in accordance with the RDBMS functions. As another method, the access right information is managed by an upper application layer to control access to the database.
In setting or changing an access right using the database language "SQL", descriptions based on the SQL are required to request the data item name, file name, and retrieval condition corresponding to "SE LECT", "FROM", and "WHERE" in the data access SQL statement (SELECT statement). The more the database inquiry conditions are complicated, the larger the work amount becomes. Sophisticated database knowledge and SQL knowledge are required. It is very difficult for a regular operator to set/change the access right using the SQL. At present, the regular operator requests a database manager to set/change the access right.
In the method of managing the access right information by the upper application layer, complicated logic must be installed in an application itself. It is very difficult for even a specialist having 5 advanced knowledge to set/change the access right information. When the database is accessed using another tool, security of the database may be impaired. This method is not suitable for an open environment in which a variety of software applications are present.
The present applicant has proposed a technique (Japanese Patent Application No. 9-149913 entitled "Data Access Control Apparatus and its Program Recording Medium") which eliminates descriptions based on settings using the database language in setting an access right in accordance with a user attribute to allow a regular operator having no special knowledge to easily set or change an access right, and which does not describe an access right in an application itself to maintain security in an open environment by access control upon analyzing access right information individually managed.