Independent claim
1. A computer-implemented method of controlling access to a relational database, comprising:

receiving, by using a computer system, a user request for data from the database, the user request including a request to perform a database operation and a user security label;

determining whether a security label column is included in a table of the database, the security label column storing, in each row of the table, a security label, which indicates a security level required by a user of the user request to access the data contained in a respective row in the table, wherein the security label further indicates a security category within the security level; and

automatically activating a mandatory security enforcement mechanism, independent of the database operation to access the database, as a result of determination that the security label column is included in the table of the database, wherein the mandatory security enforcement mechanism is automatically activated independent of creating a view based on the database operation to access the database;

the mandatory security enforcement mechanism including:

    determining user security information from the user security label, wherein the user security label is one of a plurality of security labels arranged in a hierarchy of security levels, each security level of the security levels is associated with one or more privileges;

    determining row security information for each row from the security label column in each row;

    comparing the user security information and the row security information;

    retrieving rows of data from the table in the database based on the result of the comparison; and

    returning only the rows for which the user is determined to have authorization to access for performing the database operation on the rows.
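The following sketch is an added illustration of the claimed flow and is not taken from the patent: enforcement switches on because the label column exists, and the same row filter applies to every operation. It assumes SQLite as the database, a column named `seclabel`, a `LEVEL:CAT1,CAT2` label encoding, three level names, and a dominance rule (user level at least the row level, and every row category held by the user); the claim specifies none of these.

```python
import sqlite3

# Assumptions for this sketch (none come from the claim text): the column name
# "seclabel", the "LEVEL:CAT1,CAT2" label encoding, and the three levels below.
LEVELS = {"PUBLIC": 0, "CONFIDENTIAL": 1, "SECRET": 2}
LABEL_COLUMN = "seclabel"

def parse_label(label):
    level, _, cats = label.partition(":")
    return LEVELS[level], frozenset(c for c in cats.split(",") if c)

def dominates(user_label, row_label):
    # Assumed comparison rule: level at least as high, and every row category held.
    u_rank, u_cats = parse_label(user_label)
    r_rank, r_cats = parse_label(row_label)
    return u_rank >= r_rank and r_cats <= u_cats

def authorized_rowids(conn, table, user_label):
    """Rowids the user may touch; enforcement is triggered by the column's presence."""
    found = conn.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                         (table,)).fetchone()
    if not found:
        raise ValueError("unknown table")  # only schema-known names reach the SQL text
    cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
    if LABEL_COLUMN not in cols:
        return [r[0] for r in conn.execute(f'SELECT rowid FROM "{table}"')]
    rows = conn.execute(f'SELECT rowid, {LABEL_COLUMN} FROM "{table}"')
    return [rid for rid, label in rows if dominates(user_label, label)]

def run(conn, op, table, user_label):
    """Apply SELECT or DELETE to authorized rows only, whatever the operation."""
    ids = authorized_rowids(conn, table, user_label)
    marks = ",".join("?" * len(ids))
    where = f'FROM "{table}" WHERE rowid IN ({marks})'
    if op == "select":
        return conn.execute(f"SELECT * {where} ORDER BY rowid", ids).fetchall()
    if op == "delete":
        return conn.execute(f"DELETE {where}", ids).rowcount
    raise ValueError("unsupported operation")

def demo_db():  # constructed sample data
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE cases (id INTEGER, note TEXT, seclabel TEXT);
        INSERT INTO cases VALUES (1,'press release','PUBLIC:'), (2,'payroll run','CONFIDENTIAL:HR'),
            (3,'merger plan','SECRET:FINANCE'), (4,'audit finding','CONFIDENTIAL:FINANCE');
        CREATE TABLE lookup (code TEXT); INSERT INTO lookup VALUES ('x');
    """)
    return conn
```

A label with an unknown level raises `KeyError` in `parse_label`, so a malformed row label aborts the request instead of granting access.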