INTEGRATING A USER'S SECURITY CONTEXT IN A DATABASE FOR ACCESS CONTROL

摘要

Techniques are provided for integrating application-level user security context with a database. A session manager, in a middle tier that includes an application, obtains the security context of a user and establishes, in the database, a light-weight session (LWS) that reflects the security context. The security context is synchronized between the middle tier and database before application code execution. The database maintains an isolated copy of the LWS for the unit of application code executed as the security context. The database sends to the session manager the identifier of the copy of LWS. Before allowing a request from an application to be sent to the database, the session manager, transparent to the application, inserts an identifier that identifies the LWS. In this way, the database processes an application request in the context of the corresponding user's security context that is the same as the security context in the middle tier.

主权项

1. A method comprising:
identifying, by a session manager in a middle tier that includes an application, security context data that indicates one or more roles of a requesting entity; sending, by the session manager, to a database system, the security context data; wherein the database system creates a session to include the security context data; after sending the security context data, receiving, by the session manager, from the application, a request that targets data stored in the database system; before sending the request to the database system, inserting, into the request to create a modified request, a session identifier that identifies the session; sending the modified request to the database system; wherein the method is performed by one or more computing devices.