Title of invention SYSTEM, METHOD AND COMPUTING APPARATUS TO ISOLATE A DATABASE IN A DATABASE SYSTEM
Abstract The present invention relates to a system, method and computing apparatus to isolate a database in a database system. The disclosure of the present invention enables more efficient and more secure implementation of “database isolation” in a multi-tenant or multi-user database system storing service data belonging to different users. User identifiers are extracted from the default database, a user table is created from the extracted user identifiers, and a service table is created in the main database with an owner user identifier column and an owner group identifier column inserted, so that a view can be created efficiently for a user when the user requests access to service data which the user owns or is authorized to access. The created service table, with the owner user identifier column and owner group identifier column inserted, achieves database isolation at the database level, and the created view achieves database isolation at the application level.
Publication number US2015234867(A1) Publication date 2015.08.20
Application number US201514624189 Filing date 2015.02.17
Applicant CELLOS SOFTWARE LTD Inventors Sharma Chandresh; Kumar Prafulla
Classification G06F17/30 Main classification G06F17/30
Agency Agent
Independent claim 1. A system adapted to isolate a database in a database system, comprising: a computing apparatus, configured to perform the following upon receipt of input commands from an operating user: fetching, a user identifier and a set of user parameters of each current user in the database system from a default user table; fetching a group identifier of each current user from a group table in a main database; creating, a user table for storing all the fetched user identifiers, all the fetched group identifiers and the user parameters of the current users; fetching, the user identifier and the group identifier from the user table corresponding to a user name input by the operating user upon login in to the system; creating, a plurality of service tables respectively from a plurality of predetermined tables stored in an application database in the main database; inserting, into each of the created service tables, a user column which stores owner user identifiers corresponding to each of the stored user identifiers and a group column which stores owner group identifier corresponding to each of the stored group identifiers; determining, the operating user at run time and fetching at least one row corresponding to the operating user from each of the created service tables according to the owner user identifier and the owner group identifier of the operating user; creating, a view for each of the created service tables based on the fetched at least one row of the operating user and one of the input commands; and presenting to the operating user, the created views containing service data originally stored in the tables of the application database.
Address Melbourne AU