Field of the Invention
The invention relates to information processing systems, and more particularly to methods for providing security in database management systems.
Description of the Related Art
With the growth of the World-Wide Web (“web”) and e-business solutions, database security and privacy are becoming increasingly critical. Hosting a web site on a server, referred to as web hosting, is another trend that magnifies the importance of database security. The web server includes a relational database storing a customer's data in many related tables. A web hosting company is motivated to store data from many customers in a single database management system to minimize its expenses. However, an increasing number of customers need a higher degree of security than is available with database management systems conventionally used by hosting companies, especially when the database management system is used to host more than one customer's web site and data.
Some customers need mandatory access controls in which all access to a data item, such as a database row, is controlled. Many customers also need to use a hierarchical security scheme that simultaneously supports multiple levels of access control. These concepts of mandatory access controls and hierarchical security schemes are well known. They are described, for example, in a Department of Defense standard DoD 5200.28-STD, Department of Defense Trusted Computer System Evaluation Criteria, December 1985, which is incorporated by reference herein.
Conventional relational databases, such as the database described in U.S. Pat. No. 5,751,949 to Thomson et al., provide security based on tables and views of those tables. Views can be used to limit access to selected rows and columns within one or more database tables. For example, in Thomson et al., views are used to join data tables with a security table containing user authorization information. Certain users, however, such as system administrators can bypass views and access tables directly, thereby circumventing the access control provided by views. Also, it is often cumbersome for the database administrator and application programmer to construct views that have the desired level of granularity. Although views can be effective for read-only access, views are more difficult to define for updating, inserting and deleting. Triggers, database constraints and stored procedures are often needed for update controls.
Although many applications need row-level security within a relational database so that individual user access can be restricted to a specific set of rows, there is a need to make the security control mandatory. With mandatory access control, users, application programmers and database administrators are unable to bypass the row-level security mechanism.