Systems and methods for fine grained access control of data stored in relational databases

Abstract

A system and method for facilitating secure access to database(s) is provided. The system relates to authorizing discriminatory access to relational database data. More particularly, the invention provides for an innovative technique of defining secured access to rows in relational database tables in a way that cannot be spoofed while preserving various optimization techniques. The invention affords a persistent scheme via providing for a security architecture whereby discriminatory access policies on persistent entities can be defined and enforced while preserving set based associative query capabilities. A particular aspect of the invention relates to the specification of such policies and the technique by which those policies are enforced. With respect to one particular implementation of the invention, creation, modification and deletion of access control lists called security descriptors is provided. The security descriptors can be provisioned independent of rows in tables of the database and can be shared and embody the policy on what permissions are granted to whom when associated with a row.