Method of transforming database system privileges to object privileges

摘要

Coarse-grained system-wide database privileges are transformed into new finer-grained database object privileges that are user-centric and specific to particular objects by creating an object class defining certain generic operations on objects, and defining within the object class a new object that embodies permissible actions on a particular database object. The new object is stored in a catalog table that comprises an object privilege table and is associated in the object privilege table with a consolidated grouping of object privileges of users relative to the new object.

主权项

1. A method for managing access privileges to objects in a database system, comprising:
determining by a processor, from system privileges of a plurality of users applicable to an object type, a set of permissible generic operations applicable to a particular object of that object type; creating a new object class that encapsulates said set of permissible generic operations as object privileges; creating a new object corresponding to said particular object within said new object class; selectively granting individual users of said plurality of users certain ones of said object privileges to said new object based upon each individual user's system privileges applicable to said object type; and storing in said database system said object privileges of said each individual user to said new object, said object privileges of said each individual user being stored with object privileges of other users to said new object, wherein storing said object privileges of said each individual user to said new object comprises:
listing said new object in an object class table; andstoring, in the object class table, a consolidated listing of different object privileges for each said individual users in association with the new object listing.