Terminal user-based database fine-grained access control method

Abstract

The invention relates to a terminal user-based database fine-grained access control method, and belongs to the technical field of database safety protection. According to the method, legal terminal users are identified to stop illegal access users; and meanwhile, fine-grained access control rules are loaded to database access request sentences initiated by the terminal users so as to achieve fine-grained access request control ability for the terminal users. Through the access authority control realized by the method, identity authentication can be carried out on the terminal users, and column-level database fine-grained access control can be carried out on the terminal users without encrypting and decrypting the data, so that the database protection ability is effectively strengthened and the information system safety is maintained.

Description

technical field [0001] The invention relates to the technical field of database security protection, in particular to a fine-grained access control method for databases based on terminal users. Background technique [0002] With the development of information technology, databases have been more and more widely used in various industries. While carrying important data, the database has increasingly become an important attack target for criminals. In order to improve the security protection capability of the database, on the basis of the existing database security mechanism, fine-grained data access control can be carried out according to the different data access rights of different end users to enhance the ability of the database to resist risks. [0003] The end user-based database fine-grained access control technology realizes the database access control capability by identifying the end user who initiates the database access request, and loads the database row and colu...

AI Technical Summary

Problems solved by technology

[0004] At present, there are mainly the following ideas for carrying out research on database security protection: First, data encryption and decryption control is performed directly on the database, which can be divided into encryption and decryption of the entire database, tables in the database, and data in the tables to ensure data security; The second is to use middleware to add access control middleware between the user and the database, and realize database access control through encryption and decryption of data, table-level access control, etc.; Database firewalls are connected in series to achieve access control such as blocking database users from accessing the database and restricting returned data; however, the current research still has the following deficiencies: the process of database encryption and decryption often consumes computing resources, and the encrypted data columns are often not normal. Index, which affects database retrieval results; fails to implement access control of row and column-level data; cannot implement database access control for end users

Images