Title: ROW-LEVEL SECURITY IN A RELATIONAL DATABASE MANAGEMENT SYSTEM
Abstract: Access control methods provide multilevel and mandatory access control for a database management system. The access control techniques provide access control at the row level in a relational database table. The database table contains a security label column within which is recorded a security label that is defined within a hierarchical security scheme. A user's security label is encoded with security information concerning the user. When a user requests access to a row, a security mechanism compares the user's security information with the security information in the row. If the user's security dominates the row's security, the user is given access to the row.
Publication number: US2017053133(A1) Publication date: 2017.02.23
Application number: US201615343568 Filing date: 2016.11.04
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION Inventors: COTNER Curt; MILLER Roger Lee
Classification: G06F21/62; G06F17/30 Main classification: G06F21/62
Agency: Agent:
Main claim: 1. A computer-implemented method of controlling access to a relational database, comprising:
receiving, by using a computer system, a user request for data from the database, the request including a request to perform a database operation and a user security label;
determining whether a security label column is included in a table of the database, the security label column storing, in each row of the table, a security label, which indicates a security level required by a user of the user request to access the data contained in the respective row in the table; and
automatically activating a mandatory security enforcement mechanism, independent of the database operation to access the database, as a result of determination that the security label column is included in the table of the database;
wherein the mandatory security enforcement mechanism is automatically activated independent of creating a view based on the database operation to access the database;
the mandatory security enforcement mechanism including: determining user security information from the user security label; determining row security information for each row from the security label column in each row; comparing the user security information and the row security information; retrieving rows of data from the table in the database based on the result of the comparison; and returning only the rows for which the user is determined to have authorization to access for performing the database operation on the rows.
Address: Armonk NY US
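Added example, not code from the patent: a Python sketch of the enforcement mechanism claim 1 describes, where the check is activated only when the table carries a security label column and a row is returned only if the user's label dominates the row's. The label encoding `LEVEL:CAT1,CAT2`, the level ordering, the category-superset rule and the column name `security_label` are assumptions made for the example.

```python
# Added example modelled on the abstract and claim 1; not the patent's code.
# Assumed label encoding: "LEVEL:CAT1,CAT2" (ordered level plus a category set).
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}
SECURITY_LABEL_COLUMN = "security_label"  # assumed column name


@dataclass(frozen=True)
class Label:
    level: int
    categories: frozenset


def parse_label(text: str) -> Label:
    """Decode the security information from a 'LEVEL:CAT1,CAT2' label."""
    level_name, _, cats = text.partition(":")
    return Label(LEVELS[level_name.strip().upper()],
                 frozenset(c.strip() for c in cats.split(",") if c.strip()))


def dominates(user: Label, row: Label) -> bool:
    """User dominates row when its level is >= and it holds every row category."""
    return user.level >= row.level and user.categories >= row.categories


def select_rows(table: list[dict], user_label: str) -> list[dict]:
    """Return only the rows the user may access. Enforcement is activated
    automatically when the table contains the security label column,
    regardless of the operation or of any view being defined."""
    if not table or SECURITY_LABEL_COLUMN not in table[0]:
        return list(table)  # no label column: mandatory check not activated
    user = parse_label(user_label)
    return [row for row in table
            if dominates(user, parse_label(row[SECURITY_LABEL_COLUMN]))]


# Constructed sample table for the example.
EMPLOYEES = [
    {"id": 1, "name": "alice", "security_label": "UNCLASSIFIED:"},
    {"id": 2, "name": "bob", "security_label": "SECRET:HR"},
    {"id": 3, "name": "carol", "security_label": "SECRET:HR,FINANCE"},
    {"id": 4, "name": "dave", "security_label": "TOP_SECRET:HR"},
]

if __name__ == "__main__":
    for r in select_rows(EMPLOYEES, "SECRET:HR"):
        print(r)  # rows 1 and 2 only
```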