摘要 |
One embodiment of the present invention provides a system that facilitates compartmentalized user management in a database system. This database system is compartmentalized into a plurality of domains that are insulated from each other, so that a given user who has access to data within an associated domain does not have access to data in other domains. Upon receiving a request from a database administrator to perform an operation on a user within the database system, the system identifies a domain that the user is associated with in the database system. Next, the system determines whether the database administrator is authorized to modify users associated with the domain. If so, the system performs the operation by modifying an entry for the user within a user table in the database system that contains an entry for each user of the database system. In one embodiment of the present invention, the operation on the user can include: creating the user within the database system; altering the domain that the user is associated with in the database system; and dropping the user from the database system.
|