Relational and object-relational database management systems store information in a database as tables of rows. To retrieve data, queries are submitted to a database server, which evaluates the queries and returns the requested data.
The queries received by a database server may be submitted by application-level end users. In many situations, it may be desirable, for security or other reasons, to prevent particular application-level end users from accessing or modifying some or all of the data stored in a database. In order to provide such security, access to data stored in a database may be controlled by a database access control service. A database access control service protects database data from undesired access based on one or more defined data access control policies. Each data access control policy defines database access operations, or privileges, that are either granted or denied to particular principals in the database system. Each database principal may be a particular database user or a defined group of users. In order to provide fine-grained access control, database access control services may apply data access control policies on a row-level basis, controlling each principal's access to individual rows of database tables.
Database access control services that enforce row-level data access control policies may introduce considerable overhead into a database system. For example, the access conditions defined by data access control policies are specified by the database server in query operators that perform the access checks, increasing the complexity of the queries and of query execution. Additional performance overhead is incurred in storing and evaluating the tables that hold the information representing the access control policies and database principals.
Furthermore, in order to enforce data access controls on a row-level basis, a database access control service incurs the overhead of evaluating the data access control policies for each row specified in a received query. To further complicate matters, much of the information related to the access control policies in the query is encapsulated in the query operator performing the access check and is unavailable to the query optimization processes during query compilation. The result is that evaluation of data access control policies for every row specified in the query often involves additional and unnecessary access control checks.
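The overhead described in the two preceding paragraphs can be seen in the following added example, which is not part of the original text and does not represent the techniques described herein. It enforces one row-level policy in SQLite twice: through an opaque per-row function and as an ordinary predicate visible to the query planner. The `orders` and `acl` tables, the `check_access` function and the sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample data: (id, region, amount) rows and (principal, region) grants.
ORDERS = [(i, ("emea", "apac", "amer")[i % 3], 10 * i) for i in range(1, 301)]
GRANTS = [("alice", "emea"), ("alice", "apac"), ("bob", "amer")]

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, region TEXT, amount INTEGER)")
    conn.execute("CREATE INDEX orders_region ON orders (region)")
    conn.execute("CREATE TABLE acl (principal TEXT, region TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", ORDERS)
    conn.executemany("INSERT INTO acl VALUES (?, ?)", GRANTS)
    return conn

def opaque_filter(conn, principal):
    """Policy hidden in a per-row operator: the planner sees only a function call."""
    granted = {r for (r,) in conn.execute(
        "SELECT region FROM acl WHERE principal = ?", (principal,))}
    calls = 0
    def check_access(region):  # hypothetical access-check operator
        nonlocal calls
        calls += 1
        return 1 if region in granted else 0
    conn.create_function("check_access", 1, check_access)
    rows = conn.execute(
        "SELECT id FROM orders WHERE check_access(region) ORDER BY id").fetchall()
    return [r[0] for r in rows], calls

def inlined_filter(conn, principal):
    """Same policy written as an ordinary predicate the planner can reason about."""
    sql = ("SELECT id FROM orders WHERE region IN "
           "(SELECT region FROM acl WHERE principal = ?) ORDER BY id")
    ids = [r[0] for r in conn.execute(sql, (principal,))]
    # Column 3 of EXPLAIN QUERY PLAN output is the human-readable plan step.
    plan = [r[3] for r in conn.execute("EXPLAIN QUERY PLAN " + sql, (principal,))]
    return ids, plan

if __name__ == "__main__":
    conn = build_db()
    ids_opaque, calls = opaque_filter(conn, "alice")
    ids_inline, plan = inlined_filter(conn, "alice")
    print(f"opaque:  {len(ids_opaque)} rows returned, {calls} access checks run")
    print(f"inlined: {len(ids_inline)} rows returned, plan = {plan}")
```

Both forms return the same rows, but the opaque form runs one access check per stored row even though the policy depends only on three distinct region values.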
Described herein are techniques for optimizing queries against database tables that are associated with a data access control policy.