摘要 |
A security mediator system is used in a computer system having a database of information to be shared with authorized users in accordance with pre-defined constraints. A rules database stores rules, including query pre-processing rules and query results post-processing rules. The rules database includes data for specifying, for each of a plurality of specified groups of users, which of the rules in the rules database are applicable to queries received from users in each of the groups. A query pre-processing module applies to each received query all pre-processing rules in the rules database applicable to the query in accordance with the identified user who submitted the query. If any applicable rule is not passed, the query is blocked; otherwise execution of the query is enabled. A database access module executing each enabled query to produce a corresponding result. A post-processing module applies to the results all post-processing rules in the rules database applicable to the executed query. If any applicable rule is not passed, transmission of the results is blocked; otherwise transmission of the results to the identified user is enabled. A security officer module processes blocked queries and blocked results, enabling a security officer to review blocked queries and blocked results, and to either confirm the blocking determination or override it.
|