1. Technical Field
The present invention relates to accessing information from a database and, in particular, masking of sensitive data located in columns of a database table, where the output of the sensitive data is masked based upon user access to such data.
2. Discussion of the Related Art
Preventing unauthorized users from retrieving column-level information when such persons have no business need to see the data is an extremely important and difficult database task. In many scenarios, it is desirable to prevent or restrict specific users from accessing column-level information, while allowing other users access to that information within a database table. For example, in a scenario in which employee information is provided for all employees of a company, where the columns of table include employee social security number, salary, and other relevant information about the employee (such as employee age, department, home address information, etc.), it may be desirable to restrict access to certain columns of information (e.g., salary information, social security number information, etc.) to only those people authorized to receive such information (e.g., managers, payroll department employees, etc.) but prevent other unauthorized people from receiving that information. While there may be an access rule for information retrieval, users should be able to perform certain other tasks (such as INSERT, UPDATE, or DELETE tasks) in the database table. Articulating such column-level access control rules using the power of SQL is an interesting and challenging database topic.