Browse Prior Art Database

Support of Column Privileges in SQL

IP.com Disclosure Number: IPCOM000109510D
Original Publication Date: 1992-Sep-01
Included in the Prior Art Database: 2005-Mar-24
Document File: 2 page(s) / 105K

Publishing Venue

IBM

Related People

Boykin, JR: AUTHOR

Abstract

Disclosed is a method for supporting column level privileges in an SQL implementation.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Support of Column Privileges in SQL

       Disclosed is a method for supporting column level
privileges in an SQL implementation.

      Both the IBM mainframe database products (DB2* and SQL/DS*) and
the proposed ISO SQL standard support column level privileges.  The
IBM mainframe products support the UPDATE column privilege.  The
proposed ISO standard supports the UPDATE, INSERT and REFERENCES
columns privileges.

      The OS/2* Extended Services 2.0 Database Manager and AIX*
Database Manager also will support column privileges.  In the first
release supporting column privileges, only the UPDATE column level
privilege will be supported.  However, the design in the Extended
Services 2.0 Database Manager and AIX Database Manager also supports
the INSERT, REFERENCES and SELECT column privileges.

      In the current IBM mainframe products supporting column
privileges, the UPDATE privileges for a column are stored in a system
catalog with a primary key being the fully qualified column name with
the GRANTOR, GRANTEE and timestamp of the privilege.  A column is
also supported in the corresponding authorization system catalog for
the table signifying whether the table privilege is further broken
down by column privileges.  However, this field is strictly a binary
field, thereby supporting at most one privilege.  The design is not
easily extendible to multiple column-level privileges.

      In order to support multiple column-level privileges in the
Extended Services 2.0 Database Manager in a higher-performing manner,
it was determined all table-level privileges which can be further
broken down into column-level privileges should somehow be
represented within one field of the table authorization system
catalog.

      Current table privileges with their corresponding bit maps
follow:
     Control     0x0001
     Alter       0x0002
     Delete      0x0004
     Index       0x0008
     Insert      0x0010
     Select      0x0020
     Update      0x0040
     References  0x0080
Of the above-mentioned table privileges, the following are
supportable at the column level:
     Insert      0x0010
     Select      0x0020
     Update      0x0040
     References  0x0080
AB...