CPC G06F 21/6227 (2013.01) [G06F 21/604 (2013.01); G06F 21/6218 (2013.01); H04L 63/10 (2013.01); H04L 63/102 (2013.01); H04L 63/105 (2013.01); H04L 63/101 (2013.01); H04L 63/104 (2013.01); H04L 63/107 (2013.01)] | 24 Claims |
1. A method comprising:
generating a set of secure roles that define a role hierarchy, wherein for each secure role of the set of secure roles:
the secure role comprises an object assigned to a user;
privileges on database objects are granted to the secure role via the object; and
only a role that owns the secure role can grant any privilege to the secure role or modify any privilege granted to the secure role;
generating an inherited grant that specifies a permission on a first type of object and a grant of the permission to a first secure role of the set of secure roles;
in response to a role other than the role that owns the first secure role attempting to grant a privilege to the first secure role or modify a privilege granted to the first secure role, denying the attempt to preserve the role hierarchy;
in response to a first object of a set of objects of the first type being referenced via the first secure role, creating a virtual implied grant based on the inherited grant; and
authorizing utilization of the permission on the first object using the virtual implied grant, wherein the virtual implied grant is transient and exists in-memory only for the purpose of authorizing the utilization of the permission on the first object.
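The claim describes three mechanisms that are easy to misread in isolation: an owner-only rule for changing a secure role's grants, an "inherited grant" expressed on an object type rather than on a named object, and a "virtual implied grant" that is materialized in memory only while one authorization decision is being made. The following toy authorization catalog, written for this page as an added example (it is not code from the patent or from any product implementing it; the role names, object names and the `Catalog` API are hypothetical), shows how those pieces interact, including the failure mode the claim is guarding against: a role that does not own the secure role attempting to grant, add or revoke privileges on it.

```python
"""Toy model of owner-controlled secure roles with inherited (type-level) grants
and transient implied grants. Hypothetical names/API; constructed sample data."""
from dataclasses import dataclass, field
from typing import Optional, Tuple, Union


class AccessDenied(Exception):
    """A role other than the owner tried to grant or modify a secure role's privileges."""


@dataclass(frozen=True)
class DBObject:
    name: str
    kind: str  # object type, e.g. "TABLE" or "VIEW"


@dataclass(frozen=True)
class InheritedGrant:
    """Persisted grant of `privilege` on every object of `object_type` (present or future)."""
    privilege: str
    object_type: str


@dataclass(frozen=True)
class ImpliedGrant:
    """Virtual grant for one concrete object, derived from an InheritedGrant.
    It is created during a single authorization check and never written to the catalog."""
    privilege: str
    object_name: str
    derived_from: InheritedGrant


@dataclass
class SecureRole:
    name: str
    owner: str  # the only role permitted to change this role's grants
    direct_grants: set = field(default_factory=set)      # {(privilege, object_name)}
    inherited_grants: set = field(default_factory=set)   # {InheritedGrant}


class Catalog:
    def __init__(self) -> None:
        self.roles = {}
        self.objects = {}

    def create_role(self, name: str, owner: str) -> None:
        self.roles[name] = SecureRole(name=name, owner=owner)

    def create_object(self, name: str, kind: str) -> None:
        self.objects[name] = DBObject(name, kind)

    def _require_owner(self, acting_role: str, target_role: str) -> SecureRole:
        """Enforce the owner-only rule; every grant/modify path goes through here."""
        role = self.roles[target_role]
        if acting_role != role.owner:
            raise AccessDenied(f"{acting_role} does not own {target_role}")
        return role

    def grant(self, acting_role: str, privilege: str, object_name: str, to_role: str) -> None:
        self._require_owner(acting_role, to_role).direct_grants.add((privilege, object_name))

    def grant_inherited(self, acting_role: str, privilege: str, object_type: str, to_role: str) -> None:
        self._require_owner(acting_role, to_role).inherited_grants.add(InheritedGrant(privilege, object_type))

    def revoke_inherited(self, acting_role: str, privilege: str, object_type: str, from_role: str) -> None:
        self._require_owner(acting_role, from_role).inherited_grants.discard(InheritedGrant(privilege, object_type))

    def authorize(self, role_name: str, privilege: str, object_name: str) -> Optional[Union[Tuple[str, str], ImpliedGrant]]:
        """Return the grant that authorizes the access, or None.
        A direct grant is used as stored; otherwise an inherited grant matching the object's
        type yields a transient ImpliedGrant that is returned but not persisted anywhere."""
        role = self.roles[role_name]
        obj = self.objects[object_name]
        if (privilege, object_name) in role.direct_grants:
            return (privilege, object_name)
        for ig in role.inherited_grants:
            if ig.privilege == privilege and ig.object_type == obj.kind:
                return ImpliedGrant(privilege, object_name, derived_from=ig)  # in-memory only
        return None


def demo() -> dict:
    """Constructed scenario exercising the owner rule, type-level inheritance and future objects."""
    cat = Catalog()
    cat.create_role("SECURITYADMIN", owner="ACCOUNTADMIN")
    cat.create_role("ANALYST", owner="SECURITYADMIN")
    cat.create_role("DATA_ENGINEER", owner="SECURITYADMIN")
    cat.create_object("orders", "TABLE")
    cat.create_object("pii_view", "VIEW")
    cat.grant_inherited("SECURITYADMIN", "SELECT", "TABLE", to_role="ANALYST")

    r = {}
    r["select_orders"] = cat.authorize("ANALYST", "SELECT", "orders")      # implied via TABLE grant
    r["select_view"] = cat.authorize("ANALYST", "SELECT", "pii_view")      # VIEW is not TABLE -> None
    r["insert_orders"] = cat.authorize("ANALYST", "INSERT", "orders")      # wrong privilege -> None
    cat.create_object("refunds", "TABLE")                                   # created after the grant
    r["select_refunds"] = cat.authorize("ANALYST", "SELECT", "refunds")    # still covered

    denied = []
    for attempt in (lambda: cat.grant("DATA_ENGINEER", "INSERT", "orders", "ANALYST"),
                    lambda: cat.grant_inherited("DATA_ENGINEER", "SELECT", "VIEW", "ANALYST"),
                    lambda: cat.revoke_inherited("DATA_ENGINEER", "SELECT", "TABLE", "ANALYST")):
        try:
            attempt()
            denied.append(False)
        except AccessDenied:
            denied.append(True)
    r["non_owner_denied"] = denied

    cat.grant("SECURITYADMIN", "INSERT", "orders", "ANALYST")              # owner may grant
    r["insert_orders_after_owner_grant"] = cat.authorize("ANALYST", "INSERT", "orders")
    analyst = cat.roles["ANALYST"]
    r["persisted_direct"] = sorted(analyst.direct_grants)                  # implied grants absent
    r["persisted_inherited"] = len(analyst.inherited_grants)
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point worth checking in a real implementation is the last two fields of `demo()`: after many authorization decisions the role's stored grants are unchanged, so the implied grants cannot be enumerated, exported or tampered with as if they were persisted ACL entries, and revoking the single inherited grant immediately withdraws access to every object of that type. The owner check is deliberately the only path to mutation, which is what keeps the hierarchy from being rewired by a role that merely holds privileges through it.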