Method, system, and program for an improved enterprise spatial system
Abstract
Disclosed is a method, system, and program for providing access to spatial data. A request for data is received. Enterprise and third party data are integrated. The integrated data is processed. Spatially referenced results are generated using the processed data. The spatially referenced results are returned in response to the request.
12 Claims
1. A method for access control, comprising:
- controlling, with a processor of a computer, access to a data set associated with a data layer using a layer definition table, a user table, a resource access control list table, and an application definition table, wherein the layer definition table has a layer identifier column that maps to a resource identifier column of the resource access control list table, and wherein the resource access control list table has a user identifier column that maps to a user identifier column of the user table and has an entry in an access type column that points to a row of the application definition table, by:
  - receiving a request, from a user having a user identifier, to access the data set associated with the data layer having a data layer identifier;
  - accessing a resource access control list entry of the resource access control list table to determine whether the user has access to the data layer based on whether there is a first match of a user identifier of the user identifier column of the resource access control list entry and the user identifier of the user and a second match of a resource identifier of the resource identifier column of the resource access control list entry and the data layer identifier of the data layer;
  - in response to determining that there is the first match and the second match, providing access to the data layer by:
    - locating a layer definition table entry in the layer definition table using the data layer identifier of the data layer;
    - identifying a data store in the layer definition table entry; and
    - retrieving data for the data set from the data store; and
  - in response to determining that the resource access control list entry does not specify the data layer identifier, denying access to the data layer.

Dependent claims: 2, 3, 4
5. A system for access control, comprising:
- a processor; and
- a storage device connected to the processor, wherein the storage device has stored thereon a program, and wherein the processor is configured to execute instructions of the program to perform operations, wherein the operations comprise:
  - controlling access to a data set associated with a data layer using a layer definition table, a user table, a resource access control list table, and an application definition table, wherein the layer definition table has a layer identifier column that maps to a resource identifier column of the resource access control list table, and wherein the resource access control list table has a user identifier column that maps to a user identifier column of the user table and has an entry in an access type column that points to a row of the application definition table, by:
    - receiving a request, from a user having a user identifier, to access the data set associated with the data layer having a data layer identifier;
    - accessing a resource access control list entry of the resource access control list table to determine whether the user has access to the data layer based on whether there is a first match of a user identifier of the user identifier column of the resource access control list entry and the user identifier of the user and a second match of a resource identifier of the resource identifier column of the resource access control list entry and the data layer identifier of the data layer;
    - in response to determining that there is the first match and the second match, providing access to the data layer by:
      - locating a layer definition table entry in the layer definition table using the data layer identifier of the data layer;
      - identifying a data store in the layer definition table entry; and
      - retrieving data for the data set from the data store; and
    - in response to determining that the resource access control list entry does not specify the data layer identifier, denying access to the data layer.

Dependent claims: 6, 7, 8
9. An article of manufacture comprising a non-transitory computer readable medium storing a program for access control, wherein the program, when executed by a processor of a computer, is configured to perform:
- controlling access to a data set associated with a data layer using a layer definition table, a user table, a resource access control list table, and an application definition table, wherein the layer definition table has a layer identifier column that maps to a resource identifier column of the resource access control list table, and wherein the resource access control list table has a user identifier column that maps to a user identifier column of the user table and has an entry in an access type column that points to a row of the application definition table, by:
  - receiving a request, from a user having a user identifier, to access the data set associated with the data layer having a data layer identifier;
  - accessing a resource access control list entry of the resource access control list table to determine whether the user has access to the data layer based on whether there is a first match of a user identifier of the user identifier column of the resource access control list entry and the user identifier of the user and a second match of a resource identifier of the resource identifier column of the resource access control list entry and the data layer identifier of the data layer;
  - in response to determining that there is the first match and the second match, providing access to the data layer by:
    - locating a layer definition table entry in the layer definition table using the data layer identifier of the data layer;
    - identifying a data store in the layer definition table entry; and
    - retrieving data for the data set from the data store; and
  - in response to determining that the resource access control list entry does not specify the data layer identifier, denying access to the data layer.

Dependent claims: 10, 11, 12
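The access check recited in claims 1, 5 and 9, as an added example that is not part of the patent text: the four tables are modelled in SQLite, and the data store is resolved only after both ACL matches succeed. Table and column names, the sample rows and the in-memory `STORES` mapping are assumptions made for illustration, as is the choice to require that the access type resolves to an application definition row.

```python
import sqlite3

# Constructed schema: names are assumptions that mirror the claim wording.
SCHEMA = """
CREATE TABLE app_def   (app_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE users     (user_id TEXT PRIMARY KEY);
CREATE TABLE layer_def (layer_id TEXT PRIMARY KEY, data_store TEXT NOT NULL);
CREATE TABLE resource_acl (
    user_id     TEXT    NOT NULL REFERENCES users(user_id),
    resource_id TEXT    NOT NULL REFERENCES layer_def(layer_id),
    access_type INTEGER NOT NULL REFERENCES app_def(app_id),
    PRIMARY KEY (user_id, resource_id, access_type));
"""

# Constructed sample rows: only alice holds an ACL entry, and only for 'parcels'.
SEED = """
INSERT INTO app_def   VALUES (1, 'map_viewer');
INSERT INTO users     VALUES ('alice'), ('bob');
INSERT INTO layer_def VALUES ('parcels', 'store_a'), ('pipelines', 'store_b');
INSERT INTO resource_acl VALUES ('alice', 'parcels', 1);
"""

# Stand-in for the data stores named in layer_def.data_store (hypothetical).
STORES = {"store_a": ["parcel-001", "parcel-002"], "store_b": ["pipe-17"]}


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # reject ACL rows with dangling ids
    conn.executescript(SCHEMA + SEED)
    return conn


def fetch_layer(conn, user_id, layer_id):
    """Return the layer's data set, or raise PermissionError (default deny)."""
    # First match (user identifier) and second match (resource identifier);
    # the access type must also point at an application definition row.
    acl = conn.execute(
        "SELECT a.name FROM resource_acl r "
        "JOIN app_def a ON a.app_id = r.access_type "
        "WHERE r.user_id = ? AND r.resource_id = ?",
        (user_id, layer_id)).fetchone()
    if acl is None:
        raise PermissionError(f"{user_id!r} has no ACL entry for layer {layer_id!r}")
    # Only after both matches: locate the layer definition entry and its data store.
    (store,) = conn.execute(
        "SELECT data_store FROM layer_def WHERE layer_id = ?", (layer_id,)).fetchone()
    return STORES[store]
```

Because the identifiers are bound as query parameters and the data store is looked up only after the ACL row is found, a request with an unmatched user or layer identifier is denied before any data store is touched.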
Specification