A system and method for facilitating secure access to one or more
databases is provided. The system relates to authorizing discriminatory
access to relational database data. More particularly, the invention
provides a technique for defining secured access to rows in relational
database tables in a way that cannot be spoofed while preserving various
optimization techniques. The invention affords a persistent scheme by
providing a security architecture in which discriminatory access
policies on persistent entities can be defined and enforced while
preserving set-based associative query capabilities. A particular aspect
of the invention relates to the specification of such policies and the
technique by which those policies are enforced. In one particular
implementation of the invention, creation, modification and deletion of
access control lists called security descriptors is provided. The
security descriptors can be provisioned independently of rows in tables
of the database, can be shared, and embody the policy on what
permissions are granted to whom when associated with a row.
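
An added illustration, not taken from the patent or from any product: one way
the arrangement described above could look in SQLite, with security descriptors
kept in their own tables, shared by rows through an id, and checked inside a
single set-based query. All table, column and function names and the sample
data are assumptions constructed for this example.

```python
import sqlite3

SCHEMA = """
CREATE TABLE security_descriptor (sd_id INTEGER PRIMARY KEY, label TEXT);
CREATE TABLE ace (              -- one grant: descriptor, principal, permission
    sd_id INTEGER NOT NULL REFERENCES security_descriptor(sd_id),
    principal TEXT NOT NULL, permission TEXT NOT NULL,
    PRIMARY KEY (sd_id, principal, permission));
CREATE TABLE document (         -- rows only reference a descriptor by id
    doc_id INTEGER PRIMARY KEY, title TEXT NOT NULL,
    sd_id INTEGER REFERENCES security_descriptor(sd_id));
"""

def build_db():
    """Create an in-memory database holding constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Descriptors are provisioned first, independently of any row.
    conn.executemany("INSERT INTO security_descriptor VALUES (?, ?)",
                     [(1, "finance"), (2, "public")])
    conn.executemany("INSERT INTO ace VALUES (?, ?, ?)",
                     [(1, "alice", "read"), (2, "alice", "read"), (2, "bob", "read")])
    # Two rows share descriptor 1; the last row has no descriptor at all.
    conn.executemany("INSERT INTO document VALUES (?, ?, ?)",
                     [(10, "Q1 ledger", 1), (11, "Q2 ledger", 1),
                      (12, "Press release", 2), (13, "Unlabelled draft", None)])
    return conn

def visible_titles(conn, principals, permission="read"):
    """Return the titles the principals may access, using one set-based query.

    `principals` is assumed to come from the authenticated session, never from
    the caller's query text. Rows without a descriptor are denied by default.
    """
    if not principals:
        return []
    marks = ",".join("?" for _ in principals)
    sql = f"""SELECT d.title FROM document AS d
              WHERE EXISTS (SELECT 1 FROM ace AS a
                            WHERE a.sd_id = d.sd_id AND a.permission = ?
                              AND a.principal IN ({marks}))
              ORDER BY d.doc_id"""
    return [row[0] for row in conn.execute(sql, [permission, *principals])]

def grant(conn, sd_id, principal, permission):
    """Edit a shared descriptor; every row that references it is affected."""
    conn.execute("INSERT OR IGNORE INTO ace VALUES (?, ?, ?)",
                 (sd_id, principal, permission))
```

Because the check is an `EXISTS` predicate inside the query, the database engine still plans it as an ordinary join, and a single `grant` on descriptor 1 changes access to both ledger rows at once.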