1. Field of the Invention
This invention relates in general to computer-implemented database systems, and, in particular, to context-sensitive authorization in an RDBMS.
2. Description of Related Art
Databases are computerized information storage and retrieval systems. A Relational Database Management System (RDBMS) is a database management system (DBMS) which uses relational techniques for storing and retrieving data. Relational databases are organized into tables which consist of rows and columns of data. The rows are formally called tuples. A database will typically have many tables and each table will typically have multiple tuples and multiple columns. The tables are typically stored on direct access storage devices (DASD) such as magnetic or optical disk drives for semi-permanent storage.
The trend toward object-oriented programming has led to a proliferation of user written software components (e.g., classes, methods, subroutines, etc.). These software components are the building blocks of larger application systems, in which a given software component may be used by many separate application programs. Often, the boundaries between one software component and another are not understood by the RDBMS because, instead of interacting directly with the RDBMS, the software components may use a generic interface, such as an Open Database Connectivity (ODBC) driver or Java Database Connectivity (JDBC) driver, to interact with the RDBMS. In this case, the RDBMS is only aware of the ODBC or JDBC driver that the software component uses to issue SQL requests.
Because the RDBMS is not aware of the software components, it is difficult to manage the RDBMS security issues associated with the application programs that are invoking the software components. For example, a given software component may need one set of RDBMS authorizations when it is invoked from application program A, and a different set of RDBMS authorizations when it is invoked from application program B. In conventional systems, there is no way to achieve this sort of authorization flexibility within the RDBMS, especially when the software component uses a generic interface like ODBC or JDBC.
There is a need in the art for context-sensitive authorization in the RDBMS.