SQL Database Authorizer
    • 20 Nov 2024
    • 1 Minute to read
    • Dark
      Light
    • PDF

    SQL Database Authorizer

    • Dark
      Light
    • PDF

    Article summary

    PlainID offers a Data Authorizer integration pattern for this third-party vendor. For more information, see Data Access Authorization Patterns.

    PlainID's SQL Database Authorizer, a Data Authorizer is a solution designed to enhance data security and access control within SQL databases. When users initiate data queries, the PlainID Database Authorizer intercepts these requests made to SQL databases. It evaluates the query with PlainID Policies and enforces access conditions. For highly sensitive data, you can establish strict controls at a granular level, allowing users to configure individual rows, columns, and cells.

    This functionality operates in real-time, dynamically modifying SQL queries as they occur. Users only gain access to data they are explicitly authorized to view. PlainID's Authorizer seamlessly integrates with popular databases like MSSQL and PostgreSQL, providing continuous, context-aware access control. Whether you're using .NET, Java Spring Boot, or other technologies, users can ensure secure access management in diverse environments.

    SQL Modifier Graphic.png

    1. Users navigate to an application to interact with digital assets.
    2. The PlainID library (Java Spring Boot or .NET libraries) is initialized in either the application layer or the microservice responsible for fetching data from the database.
      Those libraries initiate a call to the PlainID SQL Database Authorizer REST API.
    3. The SQL Database Authorizer examines the original SQL statement intended for use by the microservice or app (like SELECT * FROM CLIENTS_TABLE).
      The SQL Database Authorizer then communicates with the PlainID Policy Decision Point (PDP) REST API to obtain an authorization decision, performed in the context of the user's identity.
    4. Based on PlainID's PDP access response, the Authorizer then modifies the original SQL statement. It transforms the statement to align with the authorized access, generating a new SQL statement. For instance, it may change the statement to something like SELECT FNAME, LNAME, ADDRESS from CLIENTS_TABLE where CLIENTS_TABLE.REGION=’US’.
    5. Finally, if authorized, the appropriate data is fetched from the database.

    Was this article helpful?