Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
1998-05-11
2001-09-11
Amsbury, Wayne (Department: 2771)
C707S793000, C713S152000
active
06289344
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates in general to computer-implemented database systems, and, in particular, to context-sensitive authorization in an RDBMS.
2. Description of Related Art
Databases are computerized information storage and retrieval systems. A Relational Database Management System (RDBMS) is a database management system (DBMS) which uses relational techniques for storing and retrieving data. Relational databases are organized into tables which consist of rows and columns of data. The rows are formally called tuples. A database will typically have many tables and each table will typically have multiple tuples and multiple columns. The tables are typically stored on direct access storage devices (DASD) such as magnetic or optical disk drives for semi-permanent storage.
The trend toward object-oriented programming has led to a proliferation of user-written software components (e.g., classes, methods, subroutines, etc.). These software components are the building blocks of larger application systems, in which a given software component may be used by many separate application programs. Often, the boundaries between one software component and another are not understood by the RDBMS because, instead of interacting directly with the RDBMS, the software components may use a generic interface, such as an Open Database Connectivity (ODBC) driver or Java Database Connectivity (JDBC) driver, to interact with the RDBMS. In this case, the RDBMS is only aware of the ODBC or JDBC driver that the software component uses to issue SQL requests.
Because the RDBMS is not aware of the software components, it is difficult to manage the RDBMS security issues associated with the application programs that are invoking the software components. For example, a given software component may need one set of RDBMS authorizations when it is invoked from application program A, and a different set of RDBMS authorizations when it is invoked from application program B. In conventional systems, there is no way to achieve this sort of authorization flexibility within the RDBMS, especially when the software component uses a generic interface like ODBC or JDBC.
There is a need in the art for context-sensitive authorization in the RDBMS.
SUMMARY OF THE INVENTION
To overcome the limitations in the prior art described above, and to overcome other limitations that will become apparent upon reading and understanding the present specification, the present invention discloses a method, apparatus, and article of manufacture for a computer-implemented authorization system.
In accordance with the present invention, a statement is to be executed by a computer to manipulate data in a database stored on a data storage device connected to the computer. Initially, an environment of the database from which the statement was invoked is identified. Additionally, a security option is identified. Then, authorization privileges for the statement are determined based on the identified environment and security option.
An object of the invention is to provide context-sensitive authorization in a database. A further object of the invention is to provide context-sensitive authorization with definer, invoker, and binder security options in a trusted environment. Yet another object of the invention is to enable users to select authorization privileges in untrusted environments.
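The resolution step from the summary, applied to the application A / application B case in the background, as an added example (not code from the patent or from IBM). The environment names, authorization IDs, grants, and the mapping of each security option to an ID are assumptions; the page does not spell them out.

```python
from dataclasses import dataclass

# Security options named in the summary.
OPTIONS = ("definer", "invoker", "binder")

@dataclass(frozen=True)
class Call:
    """One statement issued by a shared component (all values constructed)."""
    environment: str  # where the statement was invoked from
    definer: str      # assumed: ID that defined the component
    invoker: str      # assumed: ID of the caller
    binder: str       # assumed: ID that bound the component's package

# Assumed policy table: environment -> (trusted?, security option).
POLICY = {
    "APP_A": (True, "definer"),
    "APP_B": (True, "invoker"),
    "BATCH": (True, "binder"),
    "ADHOC": (False, None),  # untrusted: an option must be selected explicitly
}

# Constructed privilege grants per authorization ID.
GRANTS = {
    "PAYROLL_OWNER": {"UPDATE SALARY", "SELECT SALARY"},
    "ALICE": {"SELECT SALARY"},
    "DBA_BIND": set(),
}

def effective_auth_id(call, selected_option=None):
    """Return the ID whose privileges are checked, or None to deny."""
    entry = POLICY.get(call.environment)
    if entry is None:
        return None  # unknown environment: fail closed
    trusted, option = entry
    if not trusted:
        # Assumption: the selection made for an untrusted environment is
        # passed in; the page does not say who makes it or how.
        option = selected_option
    if option not in OPTIONS:
        return None
    return getattr(call, option)

def authorized(call, privilege, selected_option=None):
    """Check the privilege against the context-dependent authorization ID."""
    auth_id = effective_auth_id(call, selected_option)
    return auth_id is not None and privilege in GRANTS.get(auth_id, set())
```

The same component and the same caller produce different decisions depending only on the environment the statement was invoked from, which is the flexibility the background says a driver-only view of the caller cannot give.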
Braia Kimberly Anne
Cotner Curt Lee
Mattos Nelson Mendonca
Nakagawa Randy M.
Smith Roy Lorenzo
Amsbury Wayne
Foerster Ingrid
International Business Machines Corporation
Komanduri Janaki
Pardo Thuy N.