Abstract: Techniques are provided for access control in a system. A request is received for checking whether a subject has a privilege for a resource. A security class that defines a plurality of privileges that include the requested privilege is determined. One or more access control lists have been configured for the security class. The one or more access control lists comprise one or more access control entries. Each of the one more access control entry defines whether one or more subjects has been granted or denied to zero, one or more of the plurality of privileges defined in the security class. Based on the access control lists configured for the security class, it is determined whether the subject should be granted the privilege for the requested resource.

Abstract: Techniques are provided for a database server to identify a query that comprises an access check operator specifying a data access control policy, and if so, to re-write the query to produce an optimized query execution plan. A first technique rewrites a query comprising an access check operator based on the privileges associated with the database principal requesting the query. The rewritten query exposes the access predicates relevant to the requesting principal to subsequent database optimization processes. A second technique rewrites a query comprising an access check operator that specifies a data security policy that does not include a denied privilege. A third technique rewrites a query that comprises an access check operator specifying one or more database table columns that store row-specific access control lists. The rewritten queries are used to generate a query execution plan that provides for several query execution optimizations.

Abstract: The present disclosure provides compositions and methods useful for treating viral infections. As described herein, the compositions and methods are based on the development of immunogenic compositions that include an attenuated or inactivated virus in combination with a non-ionic surfactant vesicle (NISV).

Abstract: A method and storage media for performing access resolution using ACL types is provided. Under an AND semantic, an intersection set formed from the types of multiple ACLs protecting a resource may be utilized to efficiently determine whether a request for a privilege to access the resource is granted or denied. If the privilege is not a member of the intersection set, the privilege cannot be granted. A union set may be used for an OR semantic. A global ACL type may represent all privileges system-wide or application-wide. A global ACL may represent a system-wide or application-wide access policy. A conjunction of a global ACL and a regular ACL may be stored in a cache. The union set, intersection set, or access resolution may also be cached for subsequent request processing.

Abstract: Techniques are provided for access control in a system. A request is received for checking whether a subject has a privilege for a resource. A security class that defines a plurality of privileges that include the requested privilege is determined. One or more access control lists have been configured for the security class. The one or more access control lists comprise one or more access control entries. Each of the one more access control entry defines whether one or more subjects has been granted or denied to zero, one or more of the plurality of privileges defined in the security class. Based on the access control lists configured for the security class, it is determined whether the subject should be granted the privilege for the requested resource.

Abstract: A method and storage media for performing access resolution using ACL types is provided. Under an AND semantic, an intersection set formed from the types of multiple ACLs protecting a resource may be utilized to efficiently determine whether a request for a privilege to access the resource is granted or denied. If the privilege is not a member of the intersection set, the privilege cannot be granted. A union set may be used for an OR semantic. A global ACL type may represent all privileges system-wide or application-wide. A global ACL may represent a system-wide or application-wide access policy. A conjunction of a global ACL and a regular ACL may be stored in a cache. The union set, intersection set, or access resolution may also be cached for subsequent request processing.

Abstract: Embodiments of the present invention provide systems and techniques for creating, updating, and using an ACL (access control list). A database system may include a constraining ACL which represents a global security policy that is to be applied to all applications that interact with the database. By ensuring that all ACLs inherit from the constraining ACL, the database system can ensure that the global security policy is applied to all applications that interact with the database. During operation, the system may receive a request to create or update an ACL. Before creating or updating the ACL, the system may modify the ACL to ensure that it inherits from the constraining ACL. In an embodiment, the system grants a privilege to a user only if both the ACL and the constraining ACL grant the privilege.