Database systems provide back-end data storage and manipulation for countless applications, services, or systems. Typically, these applications, services, or systems may access a database in order to perform various functions. For example, a back-end database for a blog application may store entries, comments, images, and other information in a database maintaining content for the blog application. The blog application may access these entries, comments, images, or other information in order to display the content for the blog application on a website. With the advent of the Internet, the number of applications, services, or systems continues to grow, increasing the amount and complexity of information maintained by database systems for other applications. Cloud computing, content delivery networks, data storage, social media, gaming, messaging, and e-commerce are just some of the applications, systems, or services relying upon database systems.
The growth in applications, systems, or services relying upon database systems also prevents a challenge to database systems to provide more efficient and secure access to data maintained in respective databases. Some applications, services, or systems are operated by multiple users, implement multiple components, nodes, or subsystems with differing functions, or otherwise may need to provide or access different data maintained in a database system. Thus, access controls to data maintained in a database system are also often implemented by applications, systems, or services in order to ensure that the correct data for the various users, components, nodes, or subsystems in secure and efficient ways. However, burdening the applications, systems, or services with providing access control may reduce efficiency (e.g., creating an access bottleneck), increase costs (e.g., implementing additional components such as middle tiers), and introduce additional security vulnerabilities (e.g., SQL injection attacks).
While embodiments are described herein by way of example for several embodiments and illustrative drawings, those skilled in the art will recognize that the embodiments are not limited to the embodiments or drawings described. It should be understood, that the drawings and detailed description thereto are not intended to limit embodiments to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope as defined by the appended claims. The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word “may” is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include”, “including”, and “includes” mean including, but not limited to.