
Method for Controlling Access on Particular Fields in an XML/JSON Document in a Database

IP.com Disclosure Number: IPCOM000243600D
Publication Date: 2015-Oct-05
Document File: 2 page(s) / 104K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method is disclosed for controlling access on particular fields in an Extensible Markup Language (XML)/ JavaScript Object Notation(JSON) document in a database.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Generally, companies store JavaScript Object Notation (JSON) or Extensible Markup Language (XML) documents in a database. However, there is difficulty in providing security control on particular fields inside the JSON or XML document. For example, if employee information is stored in an XML document in an XML column in the database, the following code is used:

Only a manager is allowed to see the salary, while a secretary may not be allowed to see the salary, and the Social Security Number (SSN) field is masked. For example, for employee id=123, a secretary can see the following:

A common approach is to extract the salary field from the XML/JSON column, store the value (salary) in a separate relational column, and then apply a column mask to that relational column. However, this adds an extra step to extract the value during the insert/load/update process. Further, extra effort is required to keep the relational column value synchronized with the values inside the XML/JSON documents. Extra storage is also required for the relational column.

Disclosed is a method and system for controlling access on particular fields in an XML/JSON document in a database. The method and system store access control information in a catalog, similar to an existing role-based access control mechanism. Unauthorized data and any mask requirements are determined during materialization, not only to avoid materializing unauthorized data but also to mask the data on the fly.
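As an added illustration (not code from the disclosure), the Python example below applies a catalog of per-path, per-role rules while materializing an XML document, so a denied field is never emitted and a masked field is rewritten on the fly. The catalog layout, the sample document, the element names other than `/dept/employee/salary`, the fail-closed default, and the SSN mask format are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample document; only the salary path comes from the disclosure.
DOC = """<dept>
  <employee id="123"><name>Alice</name><ssn>123-45-6789</ssn><salary>85000</salary></employee>
</dept>"""

# Hypothetical catalog: protected path -> {role: action}.
# A role not listed for a protected path gets DEFAULT (fail closed).
CATALOG = {
    "/dept/employee/salary": {"manager": "allow"},
    "/dept/employee/ssn": {"manager": "allow", "secretary": "mask"},
}
DEFAULT = "deny"

def mask_ssn(value):
    """Keep the last four characters; replace every other digit with X."""
    head, tail = value[:-4], value[-4:]
    return "".join("X" if c.isdigit() else c for c in head) + tail

def _walk(node, path, role, parent):
    rule = CATALOG.get(path)
    if rule is not None:
        action = rule.get(role, DEFAULT)
        if action == "deny":
            # Unauthorized data is dropped before it reaches the result.
            if parent is None:
                node.clear()
            else:
                parent.remove(node)
            return
        if action == "mask":
            node.text = mask_ssn(node.text or "")
    # Iterate over a copy because children may be removed during the walk.
    for child in list(node):
        _walk(child, path + "/" + child.tag, role, node)

def materialize(xml_text, role):
    """Return the element tree that the given role is allowed to see."""
    root = ET.fromstring(xml_text)
    _walk(root, "/" + root.tag, role, None)
    return root

if __name__ == "__main__":
    for role in ("manager", "secretary"):
        print(role, ET.tostring(materialize(DOC, role), encoding="unicode"))
```

Because the rules live in one catalog keyed by path, no second relational copy of the salary has to be extracted or kept synchronized with the document.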

Consider the same scenario, where employee information is stored in an XML document in an XML column in a database. The method and system create a mask on '/dept/employee/salary'. The syntax is as follows:

S1:


CREATE MASK SALARY_COLUMN_MASK ON EM...