Abstract: Embodiments are disclosed for managing and providing access to a collection of digital resources. One embodiment provides a method comprising receiving a request to access a resource for a principal and determining one or more principal groups to which the principal belongs. The method further comprises obtaining resource set membership information indicating a resource set to which the resource belongs, and obtaining resource set access policy information for the resource set to which the resource belongs. The method yet further comprises determining whether the principal is allowed to access the resource based on the principal group membership information and the resource set access policy information, and, if the principal is allowed to access the resource, then permitting access to the resource by the principal.

Abstract: Embodiments are disclosed for managing and providing access to a collection of digital resources. One embodiment provides a method comprising receiving a request to access a resource for a principal and determining one or more principal groups to which the principal belongs. The method further comprises obtaining resource set membership information indicating a resource set to which the resource belongs, and obtaining resource set access policy information for the resource set to which the resource belongs. The method yet further comprises determining whether the principal is allowed to access the resource based on the principal group membership information and the resource set access policy information, and, if the principal is allowed to access the resource, then permitting access to the resource by the principal.

Abstract: Described is a technology by which a user (or other entity) may be temporarily granted or denied permissions with respect to performing an upcoming a database operation. A “before” security policy trigger is executed prior to executing the database statement, so as to modify the user's security context (e.g., to add a role) prior to execution if information associated with the operation meets criteria defined in the policy trigger. The existing security system uses the (possibly modified) security context to determine whether to execute the database statement. The security context is reverted after the successful or unsuccessful execution of the database statement. The security policy trigger may also cause an error to be raised.