CN102521385A - Method for setting forced access control on database system graph - Google Patents
Method for setting forced access control on database system graph Download PDFInfo
- Publication number
- CN102521385A CN102521385A CN2011104337097A CN201110433709A CN102521385A CN 102521385 A CN102521385 A CN 102521385A CN 2011104337097 A CN2011104337097 A CN 2011104337097A CN 201110433709 A CN201110433709 A CN 201110433709A CN 102521385 A CN102521385 A CN 102521385A
- Authority
- CN
- China
- Prior art keywords
- access control
- database systems
- control policy
- exist
- forcing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a method for setting forced access control on a database system graph, which includes steps: (1) judging whether an applied forced access control strategy exists and entering step (2) on yes judgment; (2) judging whether the database system graph of the applied forced access control strategy exists and entering step (3) on yes judgment; (3) judging whether a graph of the applied forced access control strategy is a system graph, entering step (4) on yes judgment and stopping the flow path on no judgment; and (4) judging whether the forced access control strategy is depended on repeatedly, namely whether the forced access control strategy is already applied to the system graph, building a dependence relation on no judgment and stopping the flow path on yes judgment. The method for setting forced access control on the database system graph can protect sensitive data in the database system graph.
Description
Technical field
The present invention relates to a kind of database access control method, relate in particular to a kind of system's table in the database is provided with and force the access control method of (Mandatory Access Control is called for short MAC), belong to the Database security technology field.
Background technology
Database Systems are being born the task of storage and management service data, and the security of assurance and reinforcement Database Systems is importances of information security.The security of Database Systems depends on data base management system (DBMS) to a great extent.If the security mechanism of data base management system (DBMS) such as access control policy etc. are more perfect, then the security performance of Database Systems is just better relatively.
The access control policy that conventional database systems provides can satisfy the requirement of general application, but can't satisfy the demand in some important departments or responsive field.This is because in traditional database; General access control ability can only reach autonomous access control rank; Manage according to uniform way for sensitive information and general information; The only control that conducts interviews of the authority through the user just can't reach the effect of protection for those premeditated saboteurs, particularly internal staff.In order to satisfy increasingly high safety requirements, need the access control ability of Database Systems to bring up to pressure access control rank, to sensitive data special protection is provided.
Force access control to be meant that system is the security that guarantees higher degree, the pressure access audit means of taking according to the requirement of security strategy in the TDI/TCSEC standard.In forcing access control, whole entities that data base management system (DBMS) (Database Management System is called for short DBMS) is managed are divided into two big types of subject and objects.Main body comprises domestic consumer, system manager and superuser etc.; Object comprises database table, index, data dictionary and tuple wherein etc.For subject and object, DBMS is that their each instance is assigned a susceptibility mark (Label).The pressure access control policy promptly is through the Label that compares main body and the Label of object, confirms finally whether main body can the access object.
In application number was 201010578774.4 Chinese invention patent application, a kind of database forced access control method and system thereof based on strategy disclosed.This method comprises the following steps: 1) set up the multi-dimensional indexing tree for the tables of data in the database; 2) will force the access control safety label to set strategy stack successively stores on the node of multi-dimensional indexing tree; 3) carry out user capture control based on the multi-dimensional indexing tree that has superposeed tactful.This system comprises front-end and back-end, and front end comprises tactical management assembly and index tree assembly, and the rear end comprises access control components and strategy modification assembly.Use administrator just specifies of the present invention that a small amount of pressure access control safety label in the high-volume database is set strategy and manage, thereby reduce expending of time and manpower in a large number.Strategy is superimposed on the index tree, makes the safety label of data calculate and can be combined as a whole with the retrieving of data based on the access control of safety label, it is consuming time to have reduced extra retrieval.Improved the speed of response of carrying out efficient and data access.
In commonly used data base management system (DBMS) such as SQL Server, almost all configuration informations, safety information and object information all are stored in it self system's table.System's table is present in each independent database.When creating a database; Data base management system (DBMS) can be set up some system's tables automatically; For example show object chart that SYSOBJECTS is used for descriptive data base, view, storing process etc.; Table SYSUSER is used for the user of descriptive data base, and table SYSLOGINS is used to preserve login name, password and the configuration information of each server, and table SYSDATABASE preserves all database names, the owner, state and other information etc. on the server.For the user of Database Systems, no matter be the system's table that directly uses system's table of database or use database indirectly, need prevent that all the object definition in the locking system table is used by undelegated user.Therefore, the user before, must have the right competence of access object definition at operand (or data of object preservation).But, to the access control policy of Database Systems table, still do not have complete proven technique solution at present.
Summary of the invention
Technical matters to be solved by this invention is to provide a kind of method of forcing access control that system's table in the database is provided with.
For realizing above-mentioned goal of the invention, the present invention adopts following technical scheme:
A kind of the Database Systems table is provided with the method for forcing access control, it is characterized in that comprising the steps:
(1) judges whether the pressure access control policy that is employed exists, if the pressure access control policy exists then gets into step (2);
(2) judge to be employed to force the Database Systems table of access control policy whether to exist; If exist then get into step (3);
(3) judge whether the table that is employed the pressure access control policy is system's table, if system's table then gets into step (4); If not system's table, then process ends;
(4) judge to force access control policy whether to be repeated to rely on, promptly to force access control policy whether to be applied on this system's table,, then can set up dependence if be not applied on this system's table; If force access control policy to be applied on system's table, then process ends.
Wherein more excellently, said method also comprises the steps:
Judge that system's table of setting up dependence is that the shared system table also is non-shared system table; If shared system table; Then will force access control policy and the Table I D of system to write in the strategy on the shared system table; If be non-shared system table, then will force access control policy to be write by in the strategy on the protection system table.
Wherein more excellently, through the pressure access control information of Database Systems function setup Database Systems table, the pressure access control information of Database Systems table is recorded in the strategy of Database Systems table.
Wherein more excellently, the operation steps that the safety label of the row in the corresponding system table is set comprises:
(11) whether judgement needs the pressure access control policy of deletion to exist, if exist then get into next step; If do not exist, process ends;
(15) judge whether the pressure access control policy is used on the goal systems table, if do not have application, then process ends; If use, then go to next step;
(16) be provided with in the corresponding system table based on the safety label of going.
Wherein more excellently, between step (11) and step (15), also comprise the steps:
(12) judge whether the system's table be employed strategy is system's table, judge simultaneously whether this table exists, if this table does not exist or be not system's table, process ends then, otherwise entering next step.
Wherein more excellently, between step (12) and step (15), also comprise the steps:
(13) judge whether rational class information, if then get into next step, if not process ends then.
Wherein more excellently, between step (13) and step (15), also comprise the steps:
(14) judge whether it is system's table of sharing, for dissimilar system's tables, following flow process will be transferred to the different security table of grading.
Wherein more excellently, said method also comprises the step that the Database Systems table is removed the pressure access control policy:
(21) judge whether the system's table be employed strategy exists, if this table does not exist, process ends then; If should exist by table, then get into next step;
(22) whether the judgement pressure access control policy that need remove exists, if do not exist, and process ends then; If exist then get into next step;
(24) check whether this pressure access control policy produces dependence with the Database Systems table, if force access control policy not to be applied on the Database Systems table this process ends; If produced dependence, then get into next step;
(25) remove Database Systems table and the dependence of forcing access control policy, also remove the label information in the corresponding safe class simultaneously.
Wherein more excellently, between step (22) and step (24), also comprise the steps:
(23) judge that the Database Systems table that is cited is system's table of what type; If shared system table; Then the operand of following flow process is the strategy on the shared system table, if be non-shared system table, then the operand of following flow process is by the strategy on the protection system table; Get into next step then.
Forced access control method provided by the present invention can be provided with the pressure access control policy to the Database Systems table.In the user accesses data storehouse during system's table; At first check the pressure access control right of Database Systems table; Uncommitted non-authority user can not visit this system's table, and the authority user who only obtains authorizing can visit this system's table, thereby the sensitive data in system's table is protected.
Description of drawings
Below in conjunction with accompanying drawing and embodiment the present invention is done further detailed description.
Fig. 1 is for being provided with the synoptic diagram of forcing access control policy to the Database Systems table;
Fig. 2 uses the operation steps synoptic diagram of forcing access control policy to the Database Systems table;
Fig. 3 is for removing the operation steps synoptic diagram of forcing access control policy to the Database Systems table;
Fig. 4 is the operation steps synoptic diagram that the safety label of the row in the corresponding system table is set.
Embodiment
Basic ideas of the present invention are the pressure access control right to the Database Systems table is set, and prevent that the object definition in the Database Systems table from being used by undelegated user.The pressure access control right here is meant authorizes and retrieves to control the visit to information through authority (SELECT, INSERT, UPDATE and DELETE).
As shown in Figure 1; The present invention is provided with in system's table of Database Systems and forces access control (MAC) strategy; Being the security official is provided with through the interface that calls Database Systems and the provide access control right to the Database Systems table; And policy information left in the Database Systems table, make the Database Systems table have corresponding pressure access control right.In the user accesses data storehouse during system's table; At first check the pressure access control right of Database Systems table; Uncommitted non-authority user can not visit this system's table, and the authority user who only obtains authorizing can visit this system's table, thereby the sensitive data in system's table is protected.
In the present invention, system's table of database comprises shared (shared) system's table and non-shared system table.They have all preserved database by the metamessage of sharing.The said system table forces access control policy that shared system table and non-shared system table are all carried out same control.
For the pressure access control policy of storage system table, at first need increase by four new Database Systems tables.Deposit respectively:
(access control _ SHCATALOG_ENFORCEMENT), this table is the shared system table to strategy on
shared system table referring to table 1:SYS_ pressure.
Row | Type | Describe |
POLICYID | OID | Strategy OID |
RELOID | OID | Table OID (must be system's table) |
Table 1SYS_ forces access control _ SHCATALOG_ENFORCEMENT
(access control _ SHCATALOG_ROW_LABEL), this table is the shared system table to each row safe class of
shared system table referring to table 2:SYS_ pressure.
Row | Type | Describe |
POLICYID | OID | Strategy OID |
RELOID | OID | Table OID (must be system's table) |
Table 2SYS_ forces access control _ CATALOG_ENFORCEMENT
(access control _ SHCATALOG_ENFORCEMENT), this table is non-shared system table referring to table 3:SYS_ pressure by the strategy on the protection system table.
Table 3SYS_ forces access control _ CATALOG_ROW_LABEL
(access control _ CATALOG_ROW_LABEL), this table is non-shared system table referring to table 4:SYS_ pressure by the safe class of each row in the protection system.
Table 4SYS_ forces access control _ SHCATALOG_ROW_LABEL
The interface that above-mentioned Database Systems provide is the Database Systems function, through the pressure access control information of Database Systems function setup Database Systems table.Specifically; The pressure access control information of Database Systems table is recorded in the strategy of Database Systems table (SYS_ forces in the access control _ SHCATALOG_ENFORCEMENT), through the pressure access control of system function REMOVE_SYS_CATALOG_POLICY cancellation to the Database Systems table through increasing system function APPLY_SYS_CATALOG_POLICY.
Fig. 2 has shown the operation steps of the Database Systems table being used the pressure access control policy.This step specifically comprises:
(1) judges whether the pressure access control policy that is employed exists, if the pressure access control policy exists then gets into step 2;
(2) judge to be employed to force the Database Systems table of access control policy whether to exist; If exist then get into step 3;
(3) judge whether the table that is employed the pressure access control policy is system's table, if system's table then gets into step 4; If not system's table, can not use through this method and force access control policy, process ends;
(4) judge to force access control policy whether to be repeated to rely on, promptly to force access control policy whether to be applied on this system's table,, then can set up dependence, to get into step 5 if be not applied on this system's table; If force access control policy to be applied on system's table, can not repeat to set up dependence, then process ends;
(5) judge that system's table of setting up dependence is that the shared system table also is non-shared system table; If shared system table; (SYS_ forces in the access control _ SHCATALOG_ENFORCEMENT) then will to force access control policy and the Table I D of system to write strategy on the shared system table; If be non-shared system table, then will force access control policy to write that (SYS_ forces in the access control _ SHCATALOG_ENFORCEMENT) by the strategy on the protection system table.
Fig. 3 has shown the operation steps that the Database Systems table is removed the pressure access control policy.This step specifically comprises:
(1) judges whether the tactful system's table that is cited exists, if this table does not exist, then can not continue to carry out flow process, produces false alarm;
(2) whether the judgement pressure access control policy that need remove exists, if do not exist, then is illegal operation;
(3) judge that the Database Systems table that is cited is system's table of what type; If shared system table; The operand of then following execution flow process is that (SYS_ forces access control _ SHCATALOG_ENFORCEMENT) for strategy on the shared system table; If be non-shared system table, the operand of then following execution flow process is that (SYS_ forces access control _ SHCATALOG_ENFORCEMENT) by the strategy on the protection system table;
(4) check whether this pressure access control policy produces dependence with the Database Systems table; Promptly force access control policy to be applied on the Database Systems table; If force access control policy not to be applied on the Database Systems table, this is operating as illegal operation.
(5) whether judge mark can be eliminated, if can be eliminated and meet above condition, then removes Database Systems table and the dependence of forcing access control policy, also removes label (mark) information in the corresponding safe class simultaneously; If can not be eliminated then directly end.
In that the Database Systems table is used or removed in the process of forcing access control policy, the safety label of the row in the corresponding system table need be set.At this moment, owing to adopted the security management mechanism (specifically can be referring to application number 200610019230.8 Chinese invention patent application) of separation of the three powers, the user can not make amendment to the Database Systems table through the UPDATE statement.Therefore; For the row in the Database Systems table that has existed; Can use function S ET_SYS_CATALOG_ROW_LABEL that the mark of row is adjusted accordingly; And update strategy (SYS_ pressure access control _ SHCATALOG_ROW_LABEL or SYS_ pressure access control _ CATALOG_ROW_LABEL), corresponding safety label is set.
Fig. 4 has shown the operation steps of the safety label that the row in the corresponding system table is set.This step specifically comprises:
(1) whether judgement needs the pressure access control policy of deletion to exist, if do not exist, then is illegal operation;
Whether system's table of (2) judging the strategy that is cited system's table, judges simultaneously whether this table exists, if this table does not exist or be not system's table, then can not continue to carry out flow process, the generation false alarm;
(3) judge whether rational class information;
(4) judge whether it is system's table of sharing, for dissimilar system's tables, following flow process will be transferred to the different security table of grading;
(5) judge whether the pressure access control policy is used, if do not use, then end operation if use, then goes to step (6) on the goal systems table;
(6) be provided with in the corresponding system table based on the safety label of going.
After the pressure access control policy is applied to the Database Systems table; When the user conducts interviews to the Database Systems table through common SQL query; RTE in the traversal queries request (RTU) becomes the Database Systems table to inquire about be connected (JOIN) that force access control policy system table with wherein replacing (query rewrite) about the RTE inquiry of Database Systems table.
Database Systems need be carried out dereference to the Database Systems table in order to accomplish specific query function in operational process, obtain object definition.To dissimilar SQL statements, carry out based on the inspection of forcing access control policy in its porch.The user is when direct accessing database system table, and the pressure access control right of inspection Database Systems table is only to the open authority of authorized user.The user is in visit during certain Database Systems table, these operations can dereference other Database Systems table, therefore also need check the pressure access control right of other Database Systems table, only to the open authority of authorized user.
Specifically, the pressure access control policy of Database Systems table is the read right of control system table definition not, only controls the access limit of subscriber's meter definition.The user needs write data storehouse system table when creating object, preserve definition of object that the active user creates, and is equivalent to the Database Systems table is carried out INSERT (insertion) operation.At this moment generate legal safety label for the record that inserts.This safety label comes from active user's row labels, but does not check whether the user has read right to system's table definition.In fact the user can carry out SELECT (selection) operation to the definition of Database Systems table indirectly in to certain object executable operations, need this moment the user that object definition is had read right, but on the Database Systems table definition of correspondence, read right needn't be arranged.During to object modification, deletion (write object definition, be equivalent to system's table is carried out the UPDATE/DELETE operation), do not need the read right of object definition, but need the write permission of object.
More than force the method for access control to carry out detailed explanation to the provided by the present invention Database Systems table is provided with.To those skilled in the art, any conspicuous change of under the prerequisite that does not deviate from connotation of the present invention, it being done all will constitute to infringement of patent right of the present invention, with corresponding legal responsibilities.
Claims (10)
1. one kind is provided with the method for forcing access control to the Database Systems table, it is characterized in that comprising the steps:
(1) judges whether the pressure access control policy that is employed exists, if the pressure access control policy exists then gets into step (2);
(2) judge to be employed to force the Database Systems table of access control policy whether to exist; If exist then get into step (3);
(3) judge whether the table that is employed the pressure access control policy is system's table, if system's table then gets into step (4); If not system's table, then process ends;
(4) judge to force access control policy whether to be repeated to rely on, promptly to force access control policy whether to be applied on this system's table,, then can set up dependence if be not applied on this system's table; If force access control policy to be applied on system's table, then process ends.
2. as claimed in claim 1 the Database Systems table is provided with the method for forcing access control, it is characterized in that also comprising the steps:
Judge that system's table of setting up dependence is that the shared system table also is non-shared system table; If shared system table; Then will force access control policy and the Table I D of system to write in the strategy on the shared system table; If be non-shared system table, then will force access control policy to be write by in the strategy on the protection system table.
3. as claimed in claim 2 the Database Systems table is provided with the method for forcing access control, it is characterized in that,
Through the pressure access control information of Database Systems function setup Database Systems table, the pressure access control information of Database Systems table is recorded in the strategy of Database Systems table.
4. as claimed in claim 2 the Database Systems table is provided with the method for forcing access control, it is characterized in that also comprising the operation steps of the safety label that the row in the corresponding system table is set.
5. as claimed in claim 4 the Database Systems table is provided with the method for forcing access control, it is characterized in that the said operation steps that the safety label of the row in the corresponding system table is set comprises:
(11) whether judgement needs the pressure access control policy of deletion to exist, if exist then get into next step; If do not exist, process ends;
(15) judge whether the pressure access control policy is used on the goal systems table, if do not have application, then process ends; If use, then go to next step;
(16) be provided with in the corresponding system table based on the safety label of going.
6. as claimed in claim 5 the Database Systems table is provided with the method for forcing access control, it is characterized in that between step (11) and step (15), also comprising the steps:
(12) judge whether the system's table be employed strategy is system's table, judge simultaneously whether this table exists, if this table does not exist or be not system's table, process ends then, otherwise entering next step.
7. as claimed in claim 6 the Database Systems table is provided with the method for forcing access control, it is characterized in that between step (12) and step (15), also comprising the steps:
(13) judge whether rational class information, if then get into next step, if not process ends then.
8. as claimed in claim 7 the Database Systems table is provided with the method for forcing access control, it is characterized in that between step (13) and step (15), also comprising the steps:
(14) judge whether it is system's table of sharing, for dissimilar system's tables, following flow process will be transferred to the different security table of grading.
9. as claimed in claim 5 the Database Systems table is provided with the method for forcing access control, it is characterized in that also comprising the Database Systems table is removed the step of forcing access control policy:
(21) judge whether the system's table be employed strategy exists, if this table does not exist, process ends then; If should exist by table, then get into next step;
(22) whether the judgement pressure access control policy that need remove exists, if do not exist, and process ends then; If exist then get into next step;
(24) check whether this pressure access control policy produces dependence with the Database Systems table, if force access control policy not to be applied on the Database Systems table this process ends; If produced dependence, then get into next step;
(25) remove Database Systems table and the dependence of forcing access control policy, also remove the label information in the corresponding safe class simultaneously.
10. as claimed in claim 9 the Database Systems table is provided with the method for forcing access control, it is characterized in that between step (22) and step (24), also comprising the steps:
(23) judge that the Database Systems table that is cited is system's table of what type; If shared system table; Then the operand of following flow process is the strategy on the shared system table, if be non-shared system table, then the operand of following flow process is by the strategy on the protection system table; Get into next step then.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110433709.7A CN102521385B (en) | 2011-12-21 | 2011-12-21 | Method for setting forced access control on database system graph |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110433709.7A CN102521385B (en) | 2011-12-21 | 2011-12-21 | Method for setting forced access control on database system graph |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102521385A true CN102521385A (en) | 2012-06-27 |
CN102521385B CN102521385B (en) | 2015-06-03 |
Family
ID=46292298
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110433709.7A Active CN102521385B (en) | 2011-12-21 | 2011-12-21 | Method for setting forced access control on database system graph |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102521385B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105357201A (en) * | 2015-11-12 | 2016-02-24 | 中国科学院信息工程研究所 | Access control method and system for object cloud storage |
CN105512569A (en) * | 2015-12-17 | 2016-04-20 | 浪潮电子信息产业股份有限公司 | Database security reinforcing method and device |
CN106293875A (en) * | 2016-08-04 | 2017-01-04 | 中国联合网络通信集团有限公司 | The creation method of a kind of Docker container and the system of establishment |
CN108322432A (en) * | 2017-12-14 | 2018-07-24 | 中国科学院信息工程研究所 | A kind of mechanism application rights management method and service system based on tree-like tissue model |
CN112613075A (en) * | 2020-12-31 | 2021-04-06 | 北京安华金和科技有限公司 | Permission determination method and device, storage medium and electronic device |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101075254A (en) * | 2007-06-08 | 2007-11-21 | 北京神舟航天软件技术有限公司 | Autonomous access control method for row-level data of database table |
-
2011
- 2011-12-21 CN CN201110433709.7A patent/CN102521385B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101075254A (en) * | 2007-06-08 | 2007-11-21 | 北京神舟航天软件技术有限公司 | Autonomous access control method for row-level data of database table |
Non-Patent Citations (1)
Title |
---|
吴飞林等: "基于MySQL的可定制强制访问控制的研究与实现", 《计算机应用研究》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105357201A (en) * | 2015-11-12 | 2016-02-24 | 中国科学院信息工程研究所 | Access control method and system for object cloud storage |
CN105357201B (en) * | 2015-11-12 | 2019-04-16 | 中国科学院信息工程研究所 | A kind of object cloud storage access control method and system |
CN105512569A (en) * | 2015-12-17 | 2016-04-20 | 浪潮电子信息产业股份有限公司 | Database security reinforcing method and device |
CN106293875A (en) * | 2016-08-04 | 2017-01-04 | 中国联合网络通信集团有限公司 | The creation method of a kind of Docker container and the system of establishment |
CN108322432A (en) * | 2017-12-14 | 2018-07-24 | 中国科学院信息工程研究所 | A kind of mechanism application rights management method and service system based on tree-like tissue model |
CN108322432B (en) * | 2017-12-14 | 2020-05-22 | 中国科学院信息工程研究所 | Organization application authority management method and service system based on tree organization model |
CN112613075A (en) * | 2020-12-31 | 2021-04-06 | 北京安华金和科技有限公司 | Permission determination method and device, storage medium and electronic device |
Also Published As
Publication number | Publication date |
---|---|
CN102521385B (en) | 2015-06-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7856436B2 (en) | Dynamic holds of record dispositions during record management | |
KR100820306B1 (en) | Security system using the data masking and data security method thereof | |
US8429191B2 (en) | Domain based isolation of objects | |
US8027993B2 (en) | Techniques for establishing and enforcing row level database security | |
US8983985B2 (en) | Masking sensitive data of table columns retrieved from a database | |
US8386448B2 (en) | Methods, systems, and computer program products for providing a generic database security application using virtual private database functionality with a common security policy function | |
US7752179B1 (en) | Method and system for extracting consistent disjoint set membership from multiple inconsistent data sources | |
US10262159B2 (en) | Privileged user access monitoring in a computing environment | |
US9129129B2 (en) | Automatic data protection in a computer system | |
CN102521385A (en) | Method for setting forced access control on database system graph | |
RU2591170C2 (en) | Encrypted data management system and method | |
US8452741B1 (en) | Reconciling data retention requirements | |
JP2006179009A (en) | Protected view for crm database | |
US9430490B1 (en) | Multi-tenant secure data deduplication using data association tables | |
CN108965208A (en) | Log audit method based on correlation analysis | |
US20130185280A1 (en) | Multi-join database query | |
JP2020057416A (en) | Method and device for processing data blocks in distributed database | |
CN105160273A (en) | Knowledge management method based on access control and intelligent retrieval | |
US8965879B2 (en) | Unique join data caching method | |
Grachev et al. | Data security mechanisms implemented in the database with universal model | |
US7885976B2 (en) | Identification, notification, and control of data access quantity and patterns | |
US20140052703A1 (en) | Gap Detection in a Temporally Unique Index in a Relational Database | |
US9330276B2 (en) | Conditional role activation in a database | |
US6768985B1 (en) | Method and apparatus for administration of database partitions | |
US20050216463A1 (en) | Database system and method with improved locks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |