Abstract: A method, system and computer program for implementing fine-grained access control (FGAC) of data stored in a dataset. In response to receiving a data query statement from a user, any representational index exclusions that are relevant to the data query statement are identified, wherein each index exclusion specifies an access restriction to the data. It is then determined whether any of the identified representational index exclusions are to be applied to the data query statement, and if ‘yes’ then the data query statement is modified before being processed, so that processing of the query takes place by searching the dataset under restriction of the representational index exclusions. The proposed approach allows for easy creation and modification of FGAC privacy rules without introducing performance gaps in processing the data query statements.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: As disclosed herein, a method includes receiving a plurality of datasets from a database, wherein each dataset comprises one or more data fields represented in a single data format, and wherein the data fields from at least two of the datasets are represented in different data formats, combining the plurality of datasets to provide a created data column corresponding to all of the data fields from the plurality of datasets, organizing the data column into data clusters, wherein each data cluster includes data fields represented in a single data format, and wherein each data field belongs to a data cluster, providing a key-value map referencing data fields with respect to their corresponding data formats, and verifying the database with respect to the created column. A corresponding computer program product and computer system are also disclosed.

Abstract: As disclosed herein, a method includes receiving a plurality of datasets from a database, wherein each dataset comprises one or more data fields represented in a single data format, and wherein the data fields from at least two of the datasets are represented in different data formats, combining the plurality of datasets to provide a created data column corresponding to all of the data fields from the plurality of datasets, organizing the data column into data clusters, wherein each data cluster includes data fields represented in a single data format, and wherein each data field belongs to a data cluster, providing a key-value map referencing data fields with respect to their corresponding data formats, and verifying the database with respect to the created column. A corresponding computer program product and computer system are also disclosed.

Abstract: Data structures stored on a source database are migrated to a destination database in which the data are structured in a different format than that of the source database. Dictionaries are stored that are based on representations of the data structures stored on the source database that are formatted in other than the structural format used on the source database for the data structures. One of the data structures and a corresponding one of the dictionaries are transferred from the source database to a destination database. The transferred data structure is loaded onto the destination database in accordance with the transferred dictionary.

Abstract: Evaluating integrity of database workloads includes receiving transactional database lock commands from concurrent users and identifying a usage pattern of lock actions when results of an execution of the transactional database lock commands match a usage pattern for a data integrity rule. The data integrity rule is added to a set of one or more data integrity rules for the transactional database lock commands. The transactional database lock commands and the set of one or more data integrity rules are forwarded from a primary database server to a duplicate database server that is equivalent to the primary database server and configured to execute the transactional database lock commands while applying the one or more data integrity rules. Anomalies indicating a data integrity problem may be detected based on a comparison of the results of the executions at the primary database server and the duplicate database server.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: Data structures stored on a source database are migrated to a destination database in which the data are structured in a different format than that of the source database. Dictionaries are stored that are based on representations of the data structures stored on the source database that are formatted in other than the structural format used on the source database for the data structures. One of the data structures and a corresponding one of the dictionaries are transferred from the source database to a destination database. The transferred data structure is loaded onto the destination database in accordance with the transferred dictionary.

Abstract: A computer-implemented method of a database statement for a relational database. The database comprises one or more tables comprising one or more data rows. A database statement is received. A set of predicates from the database statement and a set of data rows from the tables to use to generate the result of the database statement are determined. A set of interdiction statements applicable to one or more data rows is obtained. For each predicate, a set of masks applicable to one or more data rows is obtained, where for each mask, the data masked by the mask is used by the predicate. It is determined if a data row has an applicable interdiction statement, and contains data masked by a mask. If so, the result of the database statement without using the result of applying the predicate to the data row.

Abstract: A method, system and computer program for implementing fine-grained access control (FGAC) of data stored in a dataset. In response to receiving a data query statement from a user, any representational index exclusions that are relevant to the data query statement are identified, wherein each index exclusion specifies an access restriction to the data. It is then determined whether any of the identified representational index exclusions are to be applied to the data query statement, and if ‘yes’ then the data query statement is modified before being processed, so that processing of the query takes place by searching the dataset under restriction of the representational index exclusions. The proposed approach allows for easy creation and modification of FGAC privacy rules without introducing performance gaps in processing the data query statements.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: In one embodiment, a method of processing a structured query language (SQL) statement is provided, comprising: determining whether a first query and a second query are equivalent, the first and second queries being respectively the left side and the right side operands of the OUTER JOIN operation; determining whether a SELECT output of the SQL statement does not refer to database columns from the left side of the OUTER JOIN operation which are not also partitioning columns of the OUTER JOIN operation; and responsive to determining that the first query and the second query are equivalent and that the SELECT output of the SQL statement does not refer to database columns from the left side of the OUTER JOIN operation which are not also partitioning columns of the OUTER JOIN operation, transforming the SQL statement into an optimized query SQL statement by removing the OUTER JOIN operation.

Abstract: Disclosed is a computer-implemented method of compressing data in a columnar database comprising at least one column partitioned into a plurality of partitions including at least one empty partition and a plurality of filled partitions each comprising data entries associated with a set of parameters having parameter values relevant to the recurrence frequency of the data entry in the partition, the data entries being compressed in accordance with a compression dictionary based on the respective recurrence frequencies of the data entries in the filled partition.

Abstract: In one embodiment, a method of processing a structured query language (SQL) statement is provided, comprising: determining whether a first query and a second query are equivalent, the first and second queries being respectively the left side and the right side operands of the OUTER JOIN operation; determining whether a SELECT output of the SQL statement does not refer to database columns from the left side of the OUTER JOIN operation which are not also partitioning columns of the OUTER JOIN operation; and responsive to determining that the first query and the second query are equivalent and that the SELECT output of the SQL statement does not refer to database columns from the left side of the OUTER JOIN operation which are not also partitioning columns of the OUTER JOIN operation, transforming the SQL statement into an optimized query SQL statement by removing the OUTER JOIN operation.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for prioritizing test cases for relational database systems. The method includes identifying one or more data tables within a relational database. The method further includes identifying an exclusivity value for each of the one or more identified data tables. The method further includes calculating a table weight for each of the one or more identified data tables. The method further includes prioritizing the one or more identified data tables based on the respective calculated table weights. The method further includes identifying one or more sequences of database statements corresponding to the prioritized data tables, wherein a database statement is a command executed on one of the prioritized data tables. The method further includes prioritizing the one or more identified sequences based on the corresponding database statements.