| CPC G06F 21/6227 (2013.01) [G06F 16/24542 (2019.01); G06F 16/2455 (2019.01)] | 17 Claims |
|
1. A computer-implemented method comprising:
receiving, by a database system, a first security syntax, wherein the first security syntax is database native and comprises for a first subset of data in the database system a first definition of the subset of data and a first rule to manage the first subset of data;
receiving, in response to the receiving the first security syntax and by the database system, a query, wherein the query is received from a host, the query is configured to obtain a set of data from the database system, and the query is generated by a first user account;
generating an access plan for the query, wherein the access plan is a set of commands to obtain the set of data including the first subset of data;
comparing the access plan to a privacy policy, wherein the privacy policy is defined based on the first security syntax;
determining a first portion of the access plan matches the privacy policy;
injecting, in response to determining the first portion of the access plan matches the privacy policy, the first rule to manage the first subset of data of the first security syntax into the access plan, wherein the injecting alters the access plan to return an altered set of results;
executing, based on the altered access plan, the query; and
returning the altered set of results of the query to the host.
|