A system and method are provided for an information management system
(IMS) having an underlying relational database management system (RDBMS)
that allows applications to access the RDBMS directly for improved
performance without going through the IMS, while maintaining access
control. An access control list (ACL) is generated, with tables in the
RDBMS being bound using codes in the ACL. At run time or, more
preferably, pre-run time, user-defined functions (UDF) evaluate access
control attributes and generate an access authorization table, which is
joined with the appropriate information table(s) in response to a query
against a view on the table. The view is presented to the querying user.
Thus, access control rules are encapsulated in the view that is presented
to the user.