Information is a strategic resource for an organization; a significant amount of money and time are spent acquiring and managing information. Among the more important information of a typical organization is its marketing, sales, customer, engineering, and human resources data. To assist in accessing and manipulating its information, an organization typically stores the information in electronic databases.
Because the information in databases is often quite important to an organization, it may be beneficial to ensure that people only access the databases in a controlled manner. By establishing controls, often referred to as security, inadvertent and/or surreptitious modification of an organization's information may be avoided, or at least diminished. Furthermore, controls help to ensure the confidentiality, accuracy, and availability of information.
Conventional database security techniques include assignment of permissions to access database tables and/or database procedures to individual users or groups of users. Assignment of permissions may come from a list of the permissions, and permissions may be grouped to form “roles” that may be assigned to various users. However, the list of permissions may be time-consuming to create and maintain, as it must be updated to reflect changes in user requirements. When a user's responsibilities or requirements change, the permissions assigned to the user need to change as well. As a result, umbrella permissions are often granted to give access to a large number of database tables and database procedures, because changing a user's permissions each time is time-consuming. But umbrella permissions may grant a user unnecessary access to data in a database, compromising the security of that database.
Conventional methods of assigning permissions also include analyzing application code for all database access and developing a list of permissions for access of the application. A role may be created to which the developed list of permissions is assigned, and the role may be assigned to various users.