System and methods for providing query-based permissions to data
Abstract
A method includes generating, in a graph database, an access role vertex that defines an access role of a user, where the access role vertex is connected to a user vertex representing the user; generating a query vertex including a traversal clause that represents a query of the graph database; generating a permission edge between the access role vertex and the query vertex, where the permission edge defines the access role's permission to access the results of the query; receiving a request to execute the query on behalf of the user; in response to the request, traversing the graph database according to the traversal clause to locate a set of vertices; and generating a set of results based on the set of vertices.
23 Claims
1. A method implemented on a computing device, the method comprising:
- generating, in a graph database, an access role vertex that defines an access role of a user, wherein the access role vertex is connected to a user vertex representing the user;
- generating a query vertex comprising a traversal clause that represents a query of the graph database;
- generating a permission edge between the access role vertex and the query vertex, wherein the permission edge defines the access role's default permission to access results of the query;
- generating an edit rule vertex, wherein the edit rule vertex comprises a rule that defines a permission to edit the results of the query;
- generating an edge between the query vertex and the edit rule vertex;
- generating an edge between the access role vertex and the edit rule vertex, wherein the permission to edit the results of the query defined by the rule overrides the default permission defined by the permission edge;
- receiving a request to execute the query on behalf of the user;
- in response to the request, traversing the graph database according to the traversal clause to locate a set of vertices; and
- generating a set of results based on the set of vertices.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A method implemented on a computing device, the method comprising:
- generating, in a graph database, an access role vertex that defines an access role of a user, wherein the access role vertex is connected to a user vertex representing the user;
- generating a query vertex comprising a traversal clause that represents a query of the graph database;
- generating a permission edge between the access role vertex and the query vertex, wherein the permission edge defines the access role's default permission to access results of the query, wherein the results of the query comprise a set of vertices that is specific to the user;
- generating an edit rule vertex, wherein the edit rule vertex comprises a rule that defines a permission to edit the results of the query;
- generating an edge between the query vertex and the edit rule vertex;
- generating an edge between the access role vertex and the edit rule vertex, wherein the permission to edit the results of the query defined by the rule overrides the default permission defined by the permission edge;
- identifying, from the graph database, the set of vertices that is specific to the user;
- receiving a request to execute the query on behalf of the user; and
- in response to the request, traversing only the identified set of vertices that is specific to the user to generate a sub-graph specific to the user.
(Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17)

18. A method implemented on a computing device, the method comprising:
- generating, in a graph database, a first access role vertex that defines an access role of a first user, wherein the first access role vertex is connected to a first user vertex representing the first user;
- generating, in the graph database, a second access role vertex that defines an access role of a second user, wherein the second access role vertex is connected to a second user vertex representing the second user;
- generating a query vertex comprising a traversal clause that represents a query of the graph database;
- generating a permission edge between the first access role vertex and the query vertex, wherein the permission edge defines the first access role's default permission to access the results of the query;
- generating an edit rule vertex, wherein the edit rule vertex comprises a rule that defines a permission to edit the results of the query;
- generating an edge between the query vertex and the edit rule vertex;
- generating an edge between the first access role vertex and the edit rule vertex, wherein the permission to edit the results of the query defined by the rule overrides the default permission defined by the permission edge;
- receiving, from the first user, an indication that the database query is to be shared with the second user;
- in response to the received indication, generating an edge between the second access role vertex and the query vertex;
- receiving a request to execute the database query on behalf of the second user;
- in response to the request, traversing the graph database according to the traversal clause to locate a set of vertices, wherein the set of vertices includes at least one vertex in the graph database that was not accessible to the second user before the edge was generated between the second access role vertex and the query vertex; and
- displaying, to the second user, a set of results based on the located set of vertices.
(Dependent claims: 19, 20, 21, 22, 23)
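The vertex and edge structure recited in claims 1 and 18, sketched as an added Python illustration; it is not code from the patent or its assignee. The vertex names, the edge labels (`has_role`, `permission`, `edit_rule`), the `traversal` tuple format and the `allow_edit` property are all assumptions made for this example.

```python
from collections import defaultdict

class Graph:  # minimal in-memory property graph, a stand-in for a graph database
    def __init__(self):
        self.props = {}               # vertex id -> properties
        self.out = defaultdict(list)  # vertex id -> [(edge label, target, edge props)]
    def add_vertex(self, vid, **props):
        self.props[vid] = props
    def add_edge(self, src, label, dst, **props):
        self.out[src].append((label, dst, props))
    def targets(self, src, label):
        return [(dst, p) for lbl, dst, p in self.out[src] if lbl == label]

def effective_permission(g, user, query):
    """Permission of `user` on the query's results; None without a permission edge."""
    for role, _ in g.targets(user, "has_role"):
        for q, default in g.targets(role, "permission"):
            if q != query:
                continue
            perm = dict(default)  # default permission carried by the permission edge
            # An edit rule overrides the default only if linked to both query and role.
            query_rules = {r for r, _ in g.targets(query, "edit_rule")}
            for rule, _ in g.targets(role, "edit_rule"):
                if rule in query_rules:
                    perm["edit"] = g.props[rule]["allow_edit"]
            return perm
    return None

def run_query(g, user, query):
    """Run the query vertex's traversal clause; deny by default without a read grant."""
    perm = effective_permission(g, user, query)
    if not perm or not perm.get("read"):
        raise PermissionError(f"{user}: no read permission on {query}")
    start, label = g.props[query]["traversal"]
    return sorted(dst for dst, _ in g.targets(start, label))

def build_demo(shared=False):  # constructed sample data, not taken from the patent
    g = Graph()
    for v in ("alice", "bob", "role_a", "role_b", "dept", "doc1", "doc2"):
        g.add_vertex(v)
    g.add_vertex("q_docs", traversal=("dept", "owns"))  # assumed clause format
    g.add_vertex("rule1", allow_edit=True)
    for src, label, dst in (("alice", "has_role", "role_a"), ("bob", "has_role", "role_b"),
                            ("dept", "owns", "doc1"), ("dept", "owns", "doc2"),
                            ("q_docs", "edit_rule", "rule1"), ("role_a", "edit_rule", "rule1")):
        g.add_edge(src, label, dst)
    g.add_edge("role_a", "permission", "q_docs", read=True, edit=False)
    if shared:  # claim 18: sharing adds one edge from the second role to the query
        g.add_edge("role_b", "permission", "q_docs", read=True, edit=False)
    return g
```

With `build_demo(shared=True)` the single extra permission edge lets bob's request return doc1 and doc2, which `run_query` refuses him in the unshared graph, so in a design like this the creation of permission edges is the operation to log and review.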
Specification