An object access service is implemented on a computer system for configuring and enforcing multi-dimensional data security using security assignments beyond role-based access controls. The computer system accesses a request submitted on behalf of a user for access to database structure(s). The computer system requests predicate(s) mapped to role(s) assigned to the user and stored in association with the database structure(s). Predicate(s) submitted to the database may be dynamically filled in by the database pursuant to retrieving data from the database structure(s) to reference security assignment field(s) and security assignment value(s) of the security assignment. The predicate(s) are used to retrieve a security assignment that restricts access to the database structure(s) beyond the role(s) assigned to the user. The security assignment is used to restrict data accessible from the database structure(s) to generate a result set, which is transmitted to a client consumer system for consumption via a consumer interface.
Full Text
What is claimed is: