Protected handling of database queries
First Claim
1. A method for protected handling of queries of database system views and tables, the method comprising:
receiving a first user query from a first user, the first user query being directed to one or more views or tables of a database, wherein capacities of users of the database are determined by permission levels allotted to the users of the database, the permission levels including a database administrator permission level, and wherein the first user is not allotted the database administrator permission level;
determining whether the first user has authority to provide the first user query based on the first user's permission level;
upon determining that the first user has authority to provide the first user query, parsing the first user query with a query parser to identify elements of the first user query including identifying one or more targets of the first user query, and determining whether the identified elements of the first user query meet a set of database access criteria including ensuring that the one or more targets are limited to access of appropriate data based on the first user's permission level;
upon determining that the identified elements of the first user query meet the set of database access criteria, automatically generating a first database query based on the identified elements of the first user query, the generation of the first database query including limiting the first database query according to the set of database access criteria;
accessing the one or more views or tables using the automatically generated first database query, wherein the access for the first database query is limited to read-only access;
obtaining a result of the access of the one or more views or tables;
allowing the first user to view the result of the access of the one or more views or tables; and
returning a query report based on the result of the access to the first user.
Abstract
Embodiments regard protected handling of database queries. An embodiment of a method for querying database system views and tables includes: receiving a user query from a user, the user query being directed to one or both of a view and a table of a database, wherein the user is not a database administrator; parsing the user query with a query parser to identify elements of the user query, parsing the query including determining whether the query meets certain database access criteria; automatically generating a database query based on the parsing of the user query, the generation of the database query including generating a database query that is limited by the database access criteria; accessing the one or both of the view and the table using the generated database query, wherein the access is limited to read-only access; and obtaining a result of the access of the one or both of the view and table.
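The flow in the abstract (authority check, parse, criteria check, regenerated query, read-only access) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the use of SQLite, the restricted SELECT grammar, and the names `CRITERIA`, `MAX_ROWS`, `v_sessions` and the permission levels `analyst` and `support` are all assumptions made for the example.

```python
import re
import sqlite3

# Assumed access criteria: permission level -> target -> readable columns.
CRITERIA = {"analyst": {"v_sessions": {"username", "state"}},
            "support": {"v_sessions": {"state"}}}
MAX_ROWS = 100  # assumed row cap applied to every generated query

USER_QUERY = re.compile(
    r"^\s*select\s+(?P<cols>[\w\s,]+?)\s+from\s+(?P<target>\w+)"
    r"(?:\s+where\s+(?P<fcol>\w+)\s*=\s*'(?P<fval>[^']*)')?"
    r"(?:\s+limit\s+(?P<limit>\d+))?\s*;?\s*$", re.IGNORECASE)

class Rejected(Exception):
    """The user query failed the authority or access-criteria checks."""

def generate(level, user_query):
    """Parse the user query and build a fresh (sql, params) from its elements."""
    if level not in CRITERIA:
        raise Rejected("no authority to submit queries")
    m = USER_QUERY.match(user_query)
    if m is None:
        raise Rejected("not a single simple SELECT")
    target, fcol = m["target"].lower(), (m["fcol"] or "").lower()
    allowed = CRITERIA[level].get(target)
    if allowed is None:
        raise Rejected("target not permitted at this level")
    cols = [c.strip().lower() for c in m["cols"].split(",")]
    if not set(cols + ([fcol] if fcol else [])) <= allowed:
        raise Rejected("column not permitted at this level")
    # Only allowlisted identifiers reach the SQL text; the value is bound.
    sql = 'SELECT {} FROM "{}"'.format(", ".join(f'"{c}"' for c in cols), target)
    params = [m["fval"]] if fcol else []
    if fcol:
        sql += f' WHERE "{fcol}" = ?'
    limit = min(int(m["limit"] or MAX_ROWS), MAX_ROWS)
    return f"{sql} LIMIT {limit}", params

def run(conn, level, user_query):
    """Execute the generated query on a connection forced read-only."""
    sql, params = generate(level, user_query)
    conn.execute("PRAGMA query_only = ON")
    return conn.execute(sql, params).fetchall()

def demo_db():
    """Constructed sample data: a base table and the view users may query."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE sessions (username TEXT, state TEXT, secret TEXT);
        INSERT INTO sessions VALUES ('ann','active','k1'), ('bob','idle','k2');
        CREATE VIEW v_sessions AS SELECT username, state FROM sessions;""")
    return conn
```

The user's text is never executed: the statement sent to the database is rebuilt from the parsed elements, so anything the parser does not recognise (a second statement, an extra predicate, a target outside the allowlist) is rejected before a query exists.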
136 Citations
28 Claims
1. A method for protected handling of queries of database system views and tables, the method comprising:
receiving a first user query from a first user, the first user query being directed to one or more views or tables of a database, wherein capacities of users of the database are determined by permission levels allotted to the users of the database, the permission levels including a database administrator permission level, and wherein the first user is not allotted the database administrator permission level;
determining whether the first user has authority to provide the first user query based on the first user's permission level;
upon determining that the first user has authority to provide the first user query, parsing the first user query with a query parser to identify elements of the first user query including identifying one or more targets of the first user query, and determining whether the identified elements of the first user query meet a set of database access criteria including ensuring that the one or more targets are limited to access of appropriate data based on the first user's permission level;
upon determining that the identified elements of the first user query meet the set of database access criteria, automatically generating a first database query based on the identified elements of the first user query, the generation of the first database query including limiting the first database query according to the set of database access criteria;
accessing the one or more views or tables using the automatically generated first database query, wherein the access for the first database query is limited to read-only access;
obtaining a result of the access of the one or more views or tables;
allowing the first user to view the result of the access of the one or more views or tables; and
returning a query report based on the result of the access to the first user.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. An apparatus for protected handling of queries of database system views and tables, the apparatus comprising:
an interface for receipt of user queries of databases, the interface including a query parser to parse received user queries;
a processor to process data, including data for database queries; and
a memory for storage of data;
wherein the apparatus is to automatically:
receive from a first user a first user query directed to one or more views or tables of a database, wherein capacities of users of the database are determined by permission levels that are allotted to the users of the database, the permission levels including a database administrator permission level, and wherein the first user is not allotted the database administrator permission level;
determine whether the first user has authority to provide the first user query based on the first user's permission level;
upon determining that the first user has authority to provide the first user query, parse the first user query with the query parser to identify elements of the first user query including identifying one or more targets of the first user query, and determining whether the identified elements of the first user query meet a set of database access criteria including ensuring that the one or more targets are limited to access of appropriate data based on the first user's permission level;
upon determining that the identified elements of the first user query meet the set of database access criteria, automatically generate a first database query based on the identified elements of the first user query, the generation of the first database query including limiting the first database query according to the set of database access criteria;
access the one or more views or tables using the automatically generated first database query, wherein the access for the first database query is limited to read-only access;
obtain a result of the access of the one or more views or tables;
allow the first user to view the result of the access of the one or more views or tables; and
return a query report based on the result of the access to the first user.
View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
20. A non-transitory computer-readable storage medium having stored thereon data representing sequences of instructions that, when executed by a processor, cause the processor to perform operations comprising:
receiving a first user query from a first user, the first user query being directed to one or more views or tables of a database, wherein capacities of users of the database are determined by permission levels allotted to the users of the database, the permission levels including a database administrator permission level, and wherein the first user is not allotted the database administrator permission level;
determining whether the first user has authority to provide the first user query based on the first user's permission level;
upon determining that the first user has authority to provide the first user query, parsing the first user query with a query parser to identify elements of the first user query including identifying one or more targets of the first user query, and determining whether the identified elements of the first user query meet a set of database access criteria including ensuring that the one or more targets are limited to access of appropriate data based on the first user's permission level;
upon determining that the identified elements of the first user query meet the set of database access criteria, automatically generating a first database query based on the identified elements of the first user query, the generation of the first database query including limiting the first database query according to the set of database access criteria;
accessing the one or more views or tables using the automatically generated first database query, wherein the access for the first database query is limited to read-only access;
obtaining a result of the access of the one or more views or tables;
allowing the first user to view the result of the access of the one or more views or tables; and
returning a query report based on the result of the access to the first user.
View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
Specification