Scalable Enforcement of Fine Grained Access Control Policies in Relational Database Management Systems

📅 2025-11-18
🤖 AI Summary
Existing fine-grained access control (FGAC) mechanisms in relational databases suffer from poor scalability beyond hundreds of policies, causing significant query performance degradation. This paper introduces Sieve, a middleware layer deployed between applications and databases to enable efficient FGAC enforcement. Its core contributions are: (1) a guarded-expression-based query rewriting framework tightly integrated with index-aware optimization to accelerate policy matching; and (2) a cache management strategy featuring workload-adaptive replacement and incremental refresh, balancing consistency guarantees with low latency. Extensive experiments on real-world and synthetic datasets demonstrate that Sieve improves policy evaluation throughput by 2–10× over baseline approaches. Furthermore, its caching layer accelerates query execution by 6%–22%, enabling millisecond-scale response times even under workloads involving thousands of access policies.

📝 Abstract
The proliferation of smart technologies and evolving privacy regulations such as the GDPR and CPRA has increased the need to manage fine-grained access control (FGAC) policies in database management systems (DBMSs). Existing approaches to enforcing FGAC policies do not scale to thousands of policies, leading to degraded query performance and reduced system effectiveness. We present Sieve, a middleware for relational DBMSs that combines query rewriting and caching to optimize FGAC policy enforcement. Sieve rewrites a query with guarded expressions that group and filter policies and can efficiently use indexes in the DBMS. It also integrates a caching mechanism with an effective replacement strategy and a refresh mechanism to adapt to dynamic workloads. Experiments on two DBMSs with real and synthetic datasets show that Sieve scales to large datasets and policy corpora, maintaining low query latency and system load and improving policy evaluation performance by between 2x and 10x on workloads with 200 to 1,200 policies. The caching extension further improves query performance by between 6 and 22 percent under dynamic workloads, especially with larger cache sizes. These results highlight Sieve's applicability for real-time access control in smart environments and its support for efficient, scalable management of user preferences and privacy policies.

Problem

Research questions and friction points this paper is trying to address.

Scalable enforcement of fine-grained access control policies
Overcoming performance degradation with thousands of policies
Optimizing query latency for dynamic privacy regulation compliance

Innovation

Methods, ideas, or system contributions that make the work stand out.

Middleware combines query rewriting and caching
Rewrites queries with guarded expressions for filtering
Integrates caching with replacement and refresh mechanisms
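
The sketch below is an added example, not code from the paper or from Sieve. It illustrates the general idea of rewriting a query so that policies are grouped under a shared predicate an index can serve, compared with appending one OR term per policy. The `presence` table, the policy shape, the choice of `owner` as the guard, and SQLite as the DBMS are all assumptions made for illustration.

```python
import sqlite3
from collections import defaultdict

# Constructed policies for one querier: (owner, room, first_hour, last_hour).
# A row is visible only if at least one policy allows it (default deny).
POLICIES = [
    ("alice", "lab", 9, 17),
    ("alice", "cafe", 12, 13),
    ("bob", "lab", 0, 23),
    ("bob", "gym", 6, 8),
]
COND = "(room = ? AND hour BETWEEN ? AND ?)"

def naive_filter(policies):
    """One OR term per policy; every term repeats the owner test."""
    terms, params = [], []
    for owner, room, lo, hi in policies:
        terms.append(f"(owner = ? AND {COND})")
        params += [owner, room, lo, hi]
    return " OR ".join(terms) or "0", params

def guarded_filter(policies):
    """Group policies under a shared guard (owner = ?), assumed to be indexed."""
    groups = defaultdict(list)
    for owner, room, lo, hi in policies:
        groups[owner].append((room, lo, hi))
    terms, params = [], []
    for owner, conds in groups.items():
        terms.append(f"(owner = ? AND ({' OR '.join([COND] * len(conds))}))")
        params.append(owner)
        for c in conds:
            params += c
    return " OR ".join(terms) or "0", params, len(groups)

def run(filter_sql, params):
    """Build a constructed data set and run the rewritten application query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE presence (id INTEGER PRIMARY KEY, owner TEXT, room TEXT, hour INT)")
    db.execute("CREATE INDEX idx_owner ON presence(owner)")  # index the guard can use
    rows = [(o, r, h) for o in ("alice", "bob", "carol")
            for r in ("lab", "cafe", "gym") for h in range(24)]
    db.executemany("INSERT INTO presence (owner, room, hour) VALUES (?, ?, ?)", rows)
    # The application's own predicate (hour >= 7) is kept; policies are ANDed on.
    sql = f"SELECT id FROM presence WHERE hour >= 7 AND ({filter_sql}) ORDER BY id"
    return [r[0] for r in db.execute(sql, params)]
```

Both rewrites return the same rows; the guarded form evaluates the owner test once per group instead of once per policy, and an empty policy set yields the constant-false filter so nothing is returned.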