CPC G06F 21/6227 (2013.01) [G06F 12/1491 (2013.01); G06F 16/21 (2019.01); G06F 16/284 (2019.01)]
20 Claims
1. A computer-implemented method for row-level security in database systems, the method being executed by one or more processors and comprising:
receiving, by a database system, a query request comprising authorization data and a query, the authorization data indicating a privilege level index determined from an authorization data table comprising one of a set of roles and a set of groups within an enterprise;
determining, by the database system, a set of row ranges based on the privilege level index and a row range table, the set of row ranges comprising one or more row ranges having a privilege level associated therewith in the row range table, each row range corresponding to a respective privilege level and comprising a start row and an end row to account for all rows located between the start row and the end row inclusive;
providing, by the database system, an initial results set comprising one or more records of a data table that are determined to be responsive, records in the data table being ordered based on privilege level;
determining, by the database system, a final results set comprising at least one record of the initial results set, the at least one record being included in the final results set in response to determining that the at least one record is included in a row range of the set of row ranges; and
outputting, by the database system, the final results set as at least a portion of a query result.
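A minimal sketch of the steps recited in claim 1, added here as an illustration and not taken from the patent or any implementation of it. The table names, column names, sample rows and the rule that a caller sees every range at or below its privilege level index are all assumptions.

```python
import sqlite3

def build_db():
    """Constructed sample data: auth table, row range table, and a data table
    whose rows are stored ordered by privilege level (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE auth (role TEXT PRIMARY KEY, level_idx INTEGER NOT NULL);
        CREATE TABLE row_range (level INTEGER PRIMARY KEY,
                                start_row INTEGER NOT NULL, end_row INTEGER NOT NULL);
        CREATE TABLE data (row_no INTEGER PRIMARY KEY, level INTEGER NOT NULL,
                           dept TEXT NOT NULL, note TEXT NOT NULL);
    """)
    db.executemany("INSERT INTO auth VALUES (?, ?)",
                   [("intern", 0), ("analyst", 1), ("auditor", 2)])
    # Rows sorted by level, so each level occupies one contiguous row range.
    db.executemany("INSERT INTO data VALUES (?, ?, ?, ?)", [
        (1, 0, "sales", "public price list"), (2, 0, "hr", "holiday calendar"),
        (3, 1, "sales", "pipeline"),          (4, 1, "hr", "org chart draft"),
        (5, 2, "hr", "salary bands"),         (6, 2, "sales", "contract terms"),
    ])
    db.executemany("INSERT INTO row_range VALUES (?, ?, ?)",
                   [(0, 1, 2), (1, 3, 4), (2, 5, 6)])
    return db

def query(db, role, dept):
    """Return the notes for `dept` that the caller's role may see."""
    # Authorization data -> privilege level index. Unknown role fails closed.
    hit = db.execute("SELECT level_idx FROM auth WHERE role = ?", (role,)).fetchone()
    if hit is None:
        return []
    # Privilege level index + row range table -> set of permitted row ranges.
    # Assumption: a caller may read every range at or below its own level.
    ranges = db.execute(
        "SELECT start_row, end_row FROM row_range WHERE level <= ?", (hit[0],)
    ).fetchall()
    # Initial results set: every responsive record, not yet filtered by privilege.
    initial = db.execute(
        "SELECT row_no, note FROM data WHERE dept = ? ORDER BY row_no", (dept,)
    ).fetchall()
    # Final results set: keep a record only if its row lies in a permitted
    # range, with start row and end row both inclusive.
    return [note for row_no, note in initial
            if any(start <= row_no <= end for start, end in ranges)]

if __name__ == "__main__":
    db = build_db()
    for role in ("intern", "analyst", "auditor", "contractor"):
        print(role, query(db, role, "hr"))
```

The initial results set holds rows above the caller's level until the range filter runs, so in a real system it must never be logged, cached or returned before that step.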