1. Technical Field
Embodiments of the present invention relate to controlling access to data of database objects, and more specifically, to controlling access to sensitive data within database table columns while maintaining data integrity for results of database query expressions.
2. Discussion of the Related Art
Fine-Grained Access Control (FGAC) has grown in importance to commercial and government users of relational databases, especially with respect to recent government initiatives being established to strengthen overall security. Fine-Grained Access Control (FGAC) can be used to comply with various data protection laws and similar requirements (e.g., the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the EU Data Protection Directive, privacy laws in Canada, Japan, and Australia, the Payment Card Industry Data Security Standards, the Interagency Guidelines for Safeguarding Customer Information, Basel II operational controls, and Sarbanes-Oxley internal controls), and to respond to high profile privacy breaches and identity theft cases and to customer and vendor pressure for increased privacy and security.
Fine-Grained Access Control (FGAC) may be implemented using row permissions and column masks for database tables. A row permission is a database object that expresses a row access control rule for a specific table, where the rule describes the conditions enabling access to the rows of data within that specific table. A column mask is a database object that expresses a column access control rule for a specific database table column, where the column access control rule describes the conditions under which masked values are received from that column. Column masks mask the corresponding column values and determine the values in the final result table; they do not interfere with the operation of other clauses in the statement (e.g., WHERE, HAVING, GROUP BY, ORDER BY, SELECT DISTINCT, UNION, INTERSECT, and EXCEPT clauses). The number of rows returned in the final result table remains the same, except that the values in the resultant rows may be masked by column masks. However, if the masked column also appears in an expression (e.g., an ORDER BY sort-key, SELECT DISTINCT, etc.), the masked values in the final result table may not properly reflect the result of the expression, since the masked values are used in the evaluation of the expression (or, in other words, the column mask is applied to the database table column before evaluation of the expression).
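The following is an added illustration and is not part of the original specification or of any particular database product. It uses Python's standard sqlite3 module to model a hypothetical row permission (a user sees only rows of their own department) and a hypothetical column mask on a social security number column (only the HR_ADMIN role receives the real value). It then runs the same SELECT DISTINCT ... ORDER BY query in two ways: with the mask applied to the column before DISTINCT and ORDER BY evaluate it, and with the mask applied only to the values placed in the final result table. The table, rows, role names and mask rule are all constructed for this example.

```python
import sqlite3

# Constructed sample rows for illustration (not data from the original document).
EMPLOYEES = [
    (1, "Ann",  "SALES", "123-45-6789"),
    (2, "Bob",  "SALES", "987-65-6789"),  # same last four digits as Ann's value
    (3, "Cara", "HR",    "555-11-0001"),
]


def mask_ssn(ssn, role):
    """Hypothetical column-mask rule: HR_ADMIN receives the real value,
    every other role receives the value with all but the last four digits masked."""
    if role == "HR_ADMIN":
        return ssn
    return "XXX-XX-" + ssn[-4:]


def open_db():
    """Create an in-memory database holding the constructed EMPLOYEES rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (id INTEGER, name TEXT, dept TEXT, ssn TEXT)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", EMPLOYEES)
    # Expose the mask as a SQL function so it can be placed anywhere in a query.
    conn.create_function("mask_ssn", 2, mask_ssn)
    return conn


def rows_visible_to(conn, dept):
    """Hypothetical row-permission rule: a user sees only rows of their own department."""
    rows = conn.execute(
        "SELECT name FROM employee WHERE dept = ? ORDER BY name", (dept,)
    ).fetchall()
    return [r[0] for r in rows]


def distinct_sorted_mask_before(conn, role):
    """Mask applied to the column before DISTINCT and ORDER BY evaluate it.
    Distinct real values that share a masked form collapse into one row, and the
    sort order follows the masked text rather than the real column value."""
    rows = conn.execute(
        "SELECT DISTINCT mask_ssn(ssn, ?) AS m FROM employee ORDER BY m", (role,)
    ).fetchall()
    return [r[0] for r in rows]


def distinct_sorted_mask_after(conn, role):
    """DISTINCT and ORDER BY evaluate the real column; the mask is applied only to
    the values placed in the final result table, so the row count and ordering
    reflect the real data."""
    rows = conn.execute(
        "SELECT mask_ssn(ssn, ?) FROM (SELECT DISTINCT ssn FROM employee) ORDER BY ssn",
        (role,),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    conn = open_db()
    print("row permission, SALES:         ", rows_visible_to(conn, "SALES"))
    print("mask before expressions, CLERK:", distinct_sorted_mask_before(conn, "CLERK"))
    print("mask after expressions,  CLERK:", distinct_sorted_mask_after(conn, "CLERK"))
    print("mask after expressions,  HR_ADMIN:", distinct_sorted_mask_after(conn, "HR_ADMIN"))
```

For the CLERK role, the mask-before query returns two rows sorted by masked text, while the mask-after query returns all three rows in the order of the real column values; for HR_ADMIN, whose mask is the identity, both forms agree. The difference in row count and ordering is exactly the integrity problem the paragraph above describes.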