Title of invention: Access control list (ACL) generation for replicated data
Abstract: In one embodiment, a method replicates data from a first database system to a second database system. A trigger table associated with the first database system is determined. The trigger table includes information for rows in tables of the first database system relevant to authorizations in the first database system. The method generates an access control list (ACL) report from the trigger table. The ACL report includes information for setting ACL rules for the second database system. An access context is determined for an entity from the ACL report. The method then generates an ACL rule based on the access context to restrict access to the replicated data in the second database system to users associated with the access context.
Publication number: US9063995(B2)    Publication date: 2015.06.23
Application number: US201313739201    Application date: 2013.01.11
Applicant: SAP SE    Inventors: Smid Maschhur; Burgert Joachim
Classification: G06F7/00; G06F17/00; G06F17/30    Main classification: G06F7/00
Agency: Fountainhead Law Group PC    Agent: Fountainhead Law Group PC
Main claim: 1. A computer implemented method comprising: replicating data from a first database system to a second database system, wherein the first database system includes authorizations without regard to entities to restrict access to data in the first database system and the second database system includes access control list (ACL) rules with regard to entities to restrict access to data in the second database system; determining a trigger table associated with the first database system, the trigger table including information for rows in tables of the first database system relevant to authorizations in the first database system, and wherein the trigger table comprises an identification to a first table associated with the first database system in which the data was replicated, an ACL field, and an ACL value; generating an access control list (ACL) report from the trigger table, the ACL report including information for setting ACL rules for the second database system; determining an access context for an entity from the ACL report, wherein the access context describes an organization in the entity; and generating an ACL rule based on the access context to restrict access to the replicated data in the second database system to users associated with the access context, wherein an authorization for the data in the first database system is transformed into the ACL rule based on the access context in the second database system, and wherein the ACL rule is added as a dependent object to a second table in the second database system.
Address: Walldorf DE US