Modern software development is evolving away from the client-server model toward network-based processing systems that provide access to data and services via the Internet or other networks. In contrast to traditional systems that host networked applications on dedicated server hardware, a “cloud” computing model allows applications to be provided over the network “as a service” supplied by an infrastructure provider. The infrastructure provider typically abstracts the underlying hardware and other resources used to deliver a customer-developed application so that the customer no longer needs to operate and support dedicated server hardware. The cloud computing model can often provide substantial cost savings to the customer over the life of the application because the customer no longer needs to provide dedicated network infrastructure, electrical and temperature controls, physical security and other logistics in support of dedicated server hardware. A customer relationship management (CRM) system is one example of an application that is suitable for deployment as a cloud-based service.
Since a cloud-based service provider stores data for a number of different clients, security is an important consideration. However, security applications may consume processing resources and adversely impact performance. Security rules may be complicated by the various types of users that the service provider accommodates, even within a single client, such as internal users within a client and portal users that are external customers of the client. As such, it may be desirable to provide techniques enabling the controlling of access to objects of the database system and/or optimizing a query to an object to improve performance and security of the database system.