| US 7,593,942 B2 | ||
| Mandatory access control base | ||
| Patrick Sack, Ashburn, Va. (US); Edward Austin, Ashburn, Va. (US); and Scott Gaetjen, Plano, Tex. (US) | ||
| Assigned to Oracle International Corporation, Redwood Shores, Calif. (US) | ||
| Filed on Aug. 29, 2005, as Appl. No. 11/212,663. | ||
| Claims priority of provisional application 60/640052, filed on Dec. 30, 2004. | ||
| Claims priority of provisional application 60/676315, filed on May 02, 2005. | ||
| Prior Publication US 2006/0248083 A1, Nov. 02, 2006 | ||
| Int. Cl. G06F 17/30 (2006.01) | ||
| U.S. Cl. 707—9 | 27 Claims |

| 1. A database system comprising:
a plurality of database objects, each database object having an individual level of security;
a plurality of factors, each factor representing a characteristic of a user of the database system;
a plurality of rules, each rule defining a limitation on operation of the database system by the user based on at least one of the plurality of factors and based on attributes of data to be operated on, including the individual level of security of the database object of the data to be operated on; and
a plurality of realms, each realm defining a privilege of the user of the database system relative to a schema of the database system, wherein each realm comprises a logical grouping of database schemas, and further comprises associations to at least one of the database schemas, at least one user account, and at least one database role;
wherein the database system is operable to grant or deny access to data to a user based on the factors associated with the user, based on the rules satisfied by the factors associated with the user and the attributes of the data, and based on the realm associated with the user.
|