1. Field of the Invention
The present invention generally relates to computer databases. More specifically, the present invention relates to data access authorizations used to filter query results based on the focus of a database query.
2. Description of the Related Art
Computer databases are well known systems used to store, maintain, and retrieve data. Generally, a database is a collection of data that is organized in a manner to allow its contents to be easily accessed, managed, and updated. The most prevalent type of database used today is the relational database, which organizes data using tables, and relationships between tables. For example, the DB2® family of RDBMS (relational database management system) products available from International Business Machines, Inc. (IBM) provides a sophisticated commercial implementation of a relational database.
Tables in a relational database include one or more columns. Each column typically specifies a name and a data type (e.g., integer, float, string, etc.), and is used to store a common element of data. For example, in a table storing data related to patients, each patient might be referenced using a patient identification number stored in a “patient ID” column. Data from each row of this table is related to the same patient, and generally referred to as a “record.” Tables that share at least one element in common (e.g., the patient ID column) are said to be “related.” Additionally, tables without a common data element may be related through other tables that do share such elements.
A relational database query may specify which columns to retrieve data from, how to join columns from multiple tables, and conditions that must be satisfied for a particular data record to be included in a query result set. Current relational databases typically process queries composed in a format specified by a query language. For example, the widely used query language SQL (short for Structured Query Language) is supported by virtually every database available today. An SQL query is composed using a syntax that requires the use of one or more clauses set off using specific keywords. Composing a proper SQL query requires that a user understand the structure and content of the relational database (i.e., a schema of tables and columns) as well as the complex syntax of the SQL query language. This complexity often makes it difficult for average users to compose relational database queries.
Accordingly, query applications have been developed to simplify the process of composing a database query. For example, database abstraction techniques are available that allow a user to compose an abstract or logical query using logical fields that reflect the substantive content of the data being queried independently from the particular manner of data representation used by the database storing the data (e.g., a relational schema). Using such applications, a user may compose a query and submit it to a database management system (DBMS). In response, the DBMS may generate an actual or physical query that may be executed by the underlying DBMS (e.g., an SQL query). Thus, database abstraction techniques free a user from having to understand the complexity of a query language and database schema. Typically, the query results include a table populated with rows that satisfy conditions specified by the query.
As ever increasing amounts of data is stored and managed in an electronic form that may be queried, what data a given user may access from a database is an area of great concern. One approach to managing access to a database is to associate one or more authorization routines with certain fields that may be included in a database query. Such authorization routines may add a clause to a relational query generated by a query application. When the DBMS executes the query, the added clause may limit or modify the data returned from the database. Typically, however, these authorization routines are static in that a single authorization routine is always associated with a given field. Thus, regardless of the purpose of the query, or the individual wishing to perform the query, the same authorization routine is used for any query that includes the routine.
While this works as intended, it has proven to be unduly restrictive in some cases. For example, even though the same field may be included in many different queries, the focus of queries may differ from one another. Thus, in some cases, the authorization routine for a given field may exclude data from query results that are not inappropriate, or perhaps worse, may include data in query results that are inappropriate based on the focus of the query. Thus, depending on the focus of a given database query, the restrictions imposed by a given authorization routine may, or may not, operate as intended to restrict access to a database data.
Accordingly, there remains a need for associating a database query authorization routines in a flexible and effective manner, based on query focus data.