System and methods for providing query-based permissions to data
First Claim
1. A computing device comprising processor hardware that executes instructions to carry out actions comprising:
- accessing a graph database that includes a vertex representing a first user and a vertex representing a second user;
generating a query vertex comprising a traversal clause that represents a query of the graph database, wherein the traversal clause identifies a vertex type;
generating a first edge between the vertex representing the first user and the query vertex, wherein the first edge defines the first user'"'"'s permission to access the results of the query;
receiving a first request to execute the query on behalf of the first user;
in response to the first request, traversing the graph database to locate a first set of vertices of the identified vertex type, such that each vertex of the first set of vertices is semantically related to the first user'"'"'s vertex;
generating a first set of results based on the first set of vertices;
displaying, to the first user, the first set of results;
generating a second edge between the vertex representing the second user and the query vertex, wherein the second edge defines the second user'"'"'s permission to access the results of the query;
receiving a second request to execute the query on behalf of the second user;
in response to the second request, traversing the graph database to locate a second set of vertices of the identified vertex type, such that each of the second set of vertices is semantically related to the second user'"'"'s vertex;
generating a second set of results based on the second set of vertices; and
displaying, to the second user, the second set of results,wherein the first set of vertices and the second set of vertices are at least partially non-overlapping.
1 Assignment
0 Petitions
Accused Products
Abstract
A method includes generating a database query in a database; receiving a first request to execute the database query on behalf of a first user; in response to the first request, executing the database query to generate a first set of results such that the first set of results is limited to data with which there is a semantic relationship in the database to a first datum representing the first user; receiving a second request to execute the database query on behalf of a second user; in response to the second request, executing the database query to generate a second set of results such that the second set of results is limited to data with which there is a semantic relationship in the database to a second datum representing the second user, where the first set of results and the second set of results are at least partially non-overlapping.
14 Citations
23 Claims
-
1. A computing device comprising processor hardware that executes instructions to carry out actions comprising:
-
accessing a graph database that includes a vertex representing a first user and a vertex representing a second user; generating a query vertex comprising a traversal clause that represents a query of the graph database, wherein the traversal clause identifies a vertex type; generating a first edge between the vertex representing the first user and the query vertex, wherein the first edge defines the first user'"'"'s permission to access the results of the query; receiving a first request to execute the query on behalf of the first user; in response to the first request, traversing the graph database to locate a first set of vertices of the identified vertex type, such that each vertex of the first set of vertices is semantically related to the first user'"'"'s vertex; generating a first set of results based on the first set of vertices; displaying, to the first user, the first set of results; generating a second edge between the vertex representing the second user and the query vertex, wherein the second edge defines the second user'"'"'s permission to access the results of the query; receiving a second request to execute the query on behalf of the second user; in response to the second request, traversing the graph database to locate a second set of vertices of the identified vertex type, such that each of the second set of vertices is semantically related to the second user'"'"'s vertex; generating a second set of results based on the second set of vertices; and displaying, to the second user, the second set of results, wherein the first set of vertices and the second set of vertices are at least partially non-overlapping. - View Dependent Claims (2, 3, 4)
-
-
5. A computing device comprising processor hardware that executes instructions to carry out actions comprising:
-
accessing a graph database; generating a query vertex comprising a traversal clause that represents a query of the graph database, wherein the traversal clause identifies a vertex type; receiving, from a first user, an indication that the query is to be shared with a second user, wherein the first user is represented in the graph database by a vertex and the second user is represented in the graph database by a vertex; in response to the received indication, generating an edge from the second user'"'"'s vertex to the query vertex, wherein the generated edge defines the second user'"'"'s permission to access vertices located as a result of the query; receiving a request to execute the query on behalf of the second user; in response to the request, traversing the graph database to locate each vertex of the identified vertex type that is semantically related to the first user'"'"'s vertex; and displaying, to the second user, a set of results based on the located vertices, wherein the located vertices include at least one vertex in the graph database that was not accessible to the second user before the edge was generated in response to the received indication. - View Dependent Claims (6, 7, 8)
-
-
9. A computing device comprising processor hardware that executes instructions to carry out actions comprising:
-
accessing a graph database; generating a query vertex comprising a traversal clause that represents a query of the graph database, wherein the traversal clause identifies a vertex type; generating an edge from a user'"'"'s vertex to the query vertex, wherein the generated edge defines the user'"'"'s permission to access a set of vertices of the identified vertex type, and wherein the set of vertices is specific to the user; identifying, from the graph database, the set of vertices that are specific to the user, by traversing the graph database to locate each vertex of the identified vertex type that is semantically related to the user'"'"'s vertex; receiving a request to execute the query on behalf of the user; in response to the request, traversing only the identified set of vertices that are specific to the user to generate a report; and displaying the report to the user. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computing device comprising processor hardware that executes instructions to carry out actions comprising:
-
accessing a graph database; generating a first query vertex comprising a first traversal clause that represents a first query of the graph database, wherein the first traversal clause identifies a vertex type; generating a first edge from a user'"'"'s vertex to the first query vertex, wherein the generated first edge defines the user'"'"'s permission to access a first set of vertices of the vertex type; in the graph database, generating a second query vertex comprising a second traversal clause that represents a second query of the graph database, wherein the second traversal clause identifies the vertex type; generating a second edge from the user'"'"'s vertex to the second query vertex, wherein the generated second edge defines the user'"'"'s permission to access a second set of vertices of the vertex type; traversing the graph database to locate each vertex of the first set of vertices that is semantically related to the user'"'"'s vertex; traversing the graph database to locate each vertex of the second set of vertices that is semantically related to the user'"'"'s vertex, wherein the second set of vertices and the first set of vertices share at least one common vertex; for the at least one common vertex, comparing the permission defined by the first edge and the permission defined by the second edge; and based on a result of the comparison, granting, to the user, either the permission defined by the first edge or the permission defined by the second edge to access to the at least one common vertex. - View Dependent Claims (20, 21, 22, 23)
-
Specification