| CPC G06F 21/6218 (2013.01) [G06F 21/604 (2013.01)] | 19 Claims |
|
1. A method comprising,
accessing an object database, wherein objects stored within the object database correspond to separate SQL data tables;
creating a row-level security (RLS) policy for a primary object stored within the object database, wherein the RLS policy comprises
(i) an access control list specifying row-level access permissions and
(ii) a first plurality of SQL statements implementing the access control list;
searching a relationship database separate from the object database for a set of child relationships between a set of child objects and the primary object,
wherein the set of child objects corresponds to at least one SQL data table that requires access, via the RLS policy, to at least a portion of data stored in an SQL data table corresponding to the primary object,
wherein the relationship database stores relationship data for relationships between objects within the object database, and
wherein the relationship data is separate from data stored within the object database;
filtering, after the searching, the set of child relationships to identify a set of valid child relationships by
(i) determining whether each child relationship in the set of child relationships is valid or invalid, and
(ii) removing each invalid child relationship, wherein the determining is distinct from the removing,
wherein invalid child relationships include child relationships that are forbidden, circular, or duplicative;
identifying, within the object database, a set of valid child objects of the primary object based on the set of valid child relationships;
receiving a request to extend the RLS policy to the set of valid child objects; and
extending the RLS policy to the set of valid child objects.
|