A method and process for imposing fine-grained next generation access controls over RDBMS SQL Queries and database objects

Patent Number: 10,127,393

Abstract

A computer-implemented method includes:

  • receiving, by an access manager, a query from a source;
  • communicating the query from the access manager to a translator;
  • translating the query into a next generation access control (NGAC) input;
  • communicating the NGAC input to an NGAC engine that holds the access control data;
  • receiving the NGAC input at the engine and determining an authorization response;
  • communicating the authorization response to the translator;
  • translating the authorization response into a response statement;
  • communicating the response statement to the access manager;
  • if the response statement is a permit statement, communicating a permitted query comprising a data operation from the access manager to a database, and performing the data operation on data in the database; and
  • if the response statement is a deny statement, blocking access by the source to data in the database.

Patent Description

The Policy Machine is an access control framework that served as the basis for an American National Standards Institute (ANSI) / International Committee for Information Technology Standards (INCITS, the central U.S. forum for creating information technology standards) standard called Next Generation Access Control (NGAC).

NGAC consists of:

  • A standard set of data elements and relations that can be configured to express arbitrary access control policies in support of a wide variety of data services and applications;
  • A generic set of operations, including read and write operations that can be performed on resource data, and administrative operations for configuring (creating and deleting) the data elements and relations that represent policies; and
  • A standard set of functions for computing access control decisions and enforcing policy over user requests to perform read/write and administrative operations.
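The pipeline in the abstract and the three NGAC components listed above, modelled as an added Python example (this is not code from the patent or from NIST's Policy Machine implementation). An access manager hands a SQL statement to a translator, which turns it into an NGAC input (operation plus the objects touched); a small NGAC engine evaluates it against an assignment graph and an association relation; the decision is translated back into a permit/deny statement; and only permitted statements reach an in-memory SQLite database. Everything in it is constructed for the illustration: the users and attributes, the two associations, the SQL statements, the table contents, and the keyword-scanning translator, which stands in for a real SQL parser.

```python
"""Toy model of the patent's query-authorization pipeline (added example,
not NIST Policy Machine code).  Policy graph, SQL and table contents are
all constructed for the illustration."""
import re
import sqlite3

# --- NGAC data elements and relations (constructed policy) -----------------
# Assignment relation: element -> attributes it is assigned to.  Users and
# user attributes on the left, objects and object attributes on the right,
# both sides ending in the policy class "RBAC".
ASSIGN = {
    "alice": {"analysts"}, "bob": {"interns"},
    "analysts": {"staff"}, "interns": {"staff"}, "staff": {"RBAC"},
    "employees": {"hr_data"}, "salaries": {"hr_data"}, "hr_data": {"RBAC"},
}
POLICY_CLASSES = {"RBAC"}
# Association relation: (user attribute, operation set, object attribute).
ASSOC = [
    ("staff", {"read"}, "employees"),             # all staff may read employees
    ("analysts", {"read", "write"}, "salaries"),  # only analysts touch salaries
]


def contained_in(elem):
    """elem plus every attribute reachable from it via the assignment relation."""
    seen, stack = set(), [elem]
    while stack:
        e = stack.pop()
        if e not in seen:
            seen.add(e)
            stack.extend(ASSIGN.get(e, ()))
    return seen


def ngac_decide(user, op, obj):
    """NGAC decision function.  Permit iff, for EVERY policy class the object
    is contained in, SOME association grants `op` from one of the user's
    attributes to one of the object's attributes under that policy class."""
    u_attrs, o_attrs = contained_in(user), contained_in(obj)
    pcs = o_attrs & POLICY_CLASSES
    if not pcs:                       # object outside all policy classes: deny
        return False
    return all(
        any(op in ops and ua in u_attrs and oa in o_attrs and pc in contained_in(oa)
            for ua, ops, oa in ASSOC)
        for pc in pcs
    )


# --- Translator: SQL query -> NGAC input; decision -> response statement ---
_VERB = re.compile(r"^\s*(SELECT|INSERT|UPDATE|DELETE)\b", re.IGNORECASE)
_TABLE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_]\w*)", re.IGNORECASE)


def translate_query(sql):
    """Return (operation, set of tables), or None for SQL the translator does
    not understand; the access manager treats None as a deny.  Keyword
    scanning is a stand-in for a real SQL parser (see the note below)."""
    m = _VERB.match(sql)
    tables = {t.lower() for t in _TABLE.findall(sql)}
    if not m or not tables:
        return None
    op = "read" if m.group(1).upper() == "SELECT" else "write"
    return op, tables


class AccessManager:
    """Receives queries from a source and forwards only permitted ones."""

    def __init__(self, conn):
        self.conn = conn

    def submit(self, user, sql):
        ngac_input = translate_query(sql)
        if ngac_input is None:
            return "deny", None
        op, tables = ngac_input
        # Every object the query touches must be authorised.
        response = "permit" if all(ngac_decide(user, op, t) for t in tables) else "deny"
        if response == "deny":
            return "deny", None       # source is blocked; nothing reaches the database
        rows = self.conn.execute(sql).fetchall()
        self.conn.commit()
        return "permit", rows


def build_demo_db():
    """In-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE salaries (emp_id INTEGER, amount INTEGER);
        INSERT INTO employees VALUES (1, 'Ada'), (2, 'Linus');
        INSERT INTO salaries VALUES (1, 120000), (2, 95000);
    """)
    return conn


if __name__ == "__main__":
    am = AccessManager(build_demo_db())
    for user, sql in [
        ("bob", "SELECT name FROM employees"),
        ("bob", "SELECT amount FROM salaries"),
        ("alice", "SELECT e.name, s.amount FROM employees e JOIN salaries s ON e.id = s.emp_id"),
        ("bob", "DELETE FROM employees"),
    ]:
        print(user, "->", am.submit(user, sql))
```

The decision function is the part worth studying: a request is permitted only when every policy class containing the object has an association that grants the operation, and a query that touches several tables is forwarded only if every one of them is authorised. The translator is where a production build must differ: it has to obtain the referenced objects from the RDBMS's own parser, since subqueries, views, CTEs and string literals all defeat keyword scanning, and without that the comprehensive-enforcement property described on this page does not hold.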

NGAC is a flexible access control framework in that it can be molded to support combinations of diverse access control policies. NGAC can often provide much of the same data service functionality as existing application products and system utilities, such as file management, workflow, and internal messaging, with similar performance.

Image of a spreadsheet with some records

Features

An advantage of NGAC is that access control policies are comprehensively enforced over its data services, whereas their non-NGAC data service counterparts are not.

Created February 26, 2020, Updated April 15, 2020