A database security system protects a data table at both the column level and the individual data record level. Access to data records within the data table is governed by categories assigned to data records, by user roles assigned to users, and by a set of security access tables. A first access table maps data record identifiers to data record categories, data record protection schemes, and corresponding scheme keys. A second access table maps user roles to data record categories. A third access table maps column identifiers to column protection schemes and corresponding scheme keys. A fourth access table maps user roles to column identifiers. If a user requests access to a data record, the security access tables are queried using the data record identifier, the associated column identifier, and the user roles associated with the user to determine if the user can access the requested data record.