1. Field of the Invention
The present invention generally relates to data processing and more particularly to accessing data independent of the particular manner in which the data is physically represented.
2. Description of the Related Art
Databases are computerized information storage and retrieval systems. A relational database management system is a computer database management system (DBMS) that uses relational techniques for storing and retrieving data. The most prevalent type of database is the relational database, a tabular database in which data is defined so that it can be reorganized and accessed in a number of different ways.
Regardless of the particular architecture, in a DBMS, a requesting entity (e.g., an application or the operating system) demands access to a specified database by issuing a database access request. Such requests may include, for instance, simple catalog lookup requests or transactions and combinations of transactions that operate to read, change and add specified records in the database. These requests are made using high-level query languages such as the Structured Query Language (SQL). Illustratively, SQL is used to make interactive queries for getting information from and updating a database such as International Business Machines' (IBM) DB2, Microsoft's SQL Server, and database products from Oracle, Sybase, and Computer Associates. The term “query” denominates a set of commands for retrieving data from a stored database. Queries take the form of a command language that lets programmers and programs select, insert, update, find out the location of data, and so forth.
One significant issue in the context of databases is security. Databases often contain confidential or otherwise sensitive material which require a degree of security to be protected from access. For example, medical records are considered highly personal and confidential. As such, access to medical records is typically restricted to selected users. To this end, conventional database management systems may implement user profiles which specify a level of authority. Whether a user may access some particular data will depend upon the user's level of authority specified in their respective profile.
However, the foregoing approach is highly inflexible and static. Data, on the other hand, is highly dynamic (i.e. changes over time). As a result, the security imposed upon a user of conventional databases may, or may not, be appropriate with respect to the data the user is attempting to access. For example, consider a user attempting to access HIV test results. It may be desirable to prevent the user from accessing the HIV test results only if the user's own medical record reflects that the user has had an HIV test, regardless of the value (i.e., positive or negative). If, during a first attempted access, the user's medical record does not reflect an HIV test, the user is allowed to query medical records for HIV test results. If the same user subsequently has an HIV test, which is then reflected in the user's medical record, subsequent attempts to access HIV test results would be disallowed. Alternatively, it may be desirable to prevent the user from accessing HIV test results only if the user's own medical record reflects a positive HIV test result. In either case, conventional database management systems do not allow for this level of flexibility.
Therefore, there is a need for improved security mechanisms for databases.