Abstract: One embodiment of the present invention provides a system that secures a database configuration from undesired modifications. This system allows a security officer to issue a configuration-locking command, which activates a lock for the configuration of a database object. When a configuration lock is activated for a database object, the system prevents a user (e.g., a database administrator) from modifying the configuration of the database object, without restricting the user from accessing the database object itself. The security officer is a trusted user that is responsible for maintaining the stability of the database configuration, such that a configuration lock activated by the security officer preserves the database configuration by overriding the privileges assigned to a database administrator.

Abstract: Techniques for identifying unused privileges are provided. Database accesses are monitored to generate privilege usage data. Privilege usage data for each database access may indicate a user, a utilized privilege, an object that is the target of the privilege, and a role to which the privilege is granted. The privilege usage data is compared to database authorization data that indicates all (or a subset) of granted privileges. A result of the comparison is unused privilege data that indicates what granted privileges were not utilized. A role graph may be generated that indicates one or more privileges that were utilized and one or more privileges that were not utilized along with role paths providing the privileges.

Abstract: An application platform examines, at runtime, various specified aspects of an application environment in which an application interacts with a user. Such examinations are made to determine a state for each of the various specified aspects. Further, the platform automatically activates particular application environment roles for the user depending on the result of the examinations. For example, an application environment role may be activated representing a particular detected mode of communication (e.g., encrypted network communications) or a particular detected manner of authentication (e.g., password authentication). Such activations are based on the detected states and specified states for the various specified aspects of the application environment. Such activations may occur in the context of an application attempting to perform an operation on an access controlled object on behalf of a user.

Abstract: Methods, machines, and stored instructions are provided for determining hierarchical paths to nodes based on stored information about the nodes. A node analyzer analyzes a hierarchy to create mappings that represent the hierarchy. The mappings may include a “parent mapping” that maps selected-level nodes to parent nodes of the selected-level nodes, and a “path mapping” that maps a plurality of nodes other than the selected-level nodes to a plurality of paths, within the hierarchy, to the plurality of nodes. A path module then determines path(s) to specified node(s) at least in part by mapping the specified node(s) to particular parent node(s) of the specified node(s) using the parent mapping. The path module also maps the particular parent node(s) to particular path(s) using the path mapping. The information from the path and parent mappings may be assembled to form path(s) within the hierarchy to the specified node(s).

Abstract: Techniques for identifying unused privileges are provided. Database accesses are monitored to generate privilege usage data. Privilege usage data for each database access may indicate a user, a utilized privilege, an object that is the target of the privilege, and a role to which the privilege is granted. The privilege usage data is compared to database authorization data that indicates all (or a subset) of granted privileges. A result of the comparison is unused privilege data that indicates what granted privileges were not utilized. A role graph may be generated that indicates one or more privileges that were utilized and one or more privileges that were not utilized along with role paths providing the privileges.

Abstract: Methods, machines, and stored instructions are provided for determining hierarchical paths to nodes based on stored information about the nodes. A node analyzer analyzes a hierarchy to create mappings that represent the hierarchy. The mappings may include a “parent mapping” that maps selected-level nodes to parent nodes of the selected-level nodes, and a “path mapping” that maps a plurality of nodes other than the selected-level nodes to a plurality of paths, within the hierarchy, to the plurality of nodes. A path module then determines path(s) to specified node(s) at least in part by mapping the specified node(s) to particular parent node(s) of the specified node(s) using the parent mapping. The path module also maps the particular parent node(s) to particular path(s) using the path mapping. The information from the path and parent mappings may be assembled to form path(s) within the hierarchy to the specified node(s).

Abstract: A machine-implemented method and machine-readable media for transforming sensitive data in a database is provided. Sensitive data in the database are transformed based on a query context of a query. The query may also be transformed. The transformed query may be applied against the transformed sensitive data to construct a query result. The query result with the transformed sensitive data represents a lenticular view. The lenticular view represents a modified form of the sensitive data that an end-user is allowed access to.

Abstract: One embodiment of the present invention provides a system that secures a database configuration from undesired modifications. This system allows a security officer to issue a configuration-locking command, which activates a lock for the configuration of a database object. When a configuration lock is activated for a database object, the system prevents a user (e.g., a database administrator) from modifying the configuration of the database object, without restricting the user from accessing the database object itself. The security officer is a trusted user that is responsible for maintaining the stability of the database configuration, such that a configuration lock activated by the security officer preserves the database configuration by overriding the privileges assigned to a database administrator.

Abstract: An application platform examines, at runtime, various specified aspects of an application environment in which an application interacts with a user. Such examinations are made to determine a state for each of the various specified aspects. Further, the platform automatically activates particular application environment roles for the user depending on the result of the examinations. For example, an application environment role may be activated representing a particular detected mode of communication (e.g., encrypted network communications) or a particular detected manner of authentication (e.g., password authentication). Such activations are based on the detected states and specified states for the various specified aspects of the application environment. Such activations may occur in the context of an application attempting to perform an operation on an access controlled object on behalf of a user.

Abstract: One embodiment of the present invention provides a system for automatically classifying data in a database. During operation, the system receives and executes a database operation. Next, the system automatically determines if any data was modified as a result of executing the database operation. If so, for each data item that was modified, the system automatically determines if the data item is associated with a classification-rule. If so, the system automatically reclassifies the data item according to the classification-rule. If not, the system leaves a classification of the data item unchanged.

Abstract: A machine-implemented method and machine-readable media for transforming sensitive data in a database is provided. Sensitive data in the database are transformed based on a query context of a query. The query may also be transformed. The transformed query may be applied against the transformed sensitive data to construct a query result. The query result with the transformed sensitive data represents a lenticular view. The lenticular view represents a modified form of the sensitive data that an end-user is allowed access to.

Abstract: One embodiment of the present invention provides a system for automatically classifying data in a database. During operation, the system receives and executes a database operation. Next, the system automatically determines if any data was modified as a result of executing the database operation. If so, for each data item that was modified, the system automatically determines if the data item is associated with a classification-rule. If so, the system automatically reclassifies the data item according to the classification-rule. If not, the system leaves a classification of the data item unchanged.