Data access authorization for dynamically generated database structures

US 10,530,779 B1
Filed: 03/31/2018
Issued: 01/07/2020
Est. Priority Date: 04/15/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a first area of a storage facility to store a subject database, the subject database comprising a set of subject data;

identifying a second area of the storage facility to store a set of subject database metadata, the set of subject database metadata comprising one or more subject database attributes characterizing the subject database;

identifying at least one user, wherein the at least one user has authorization to access a first portion of the set of subject data, and wherein the at least one user does not have authorization to access a second portion of the set of subject data;

receiving one or more subject database statements from the at least one user to perform an analysis over the set of subject data;

selecting at least one virtual multidimensional data model representing the subject database, the at least one virtual multidimensional data model comprising one or more virtual cubes derived from the one or more subject database attributes;

generating a first set of planned subject database statements to perform the analysis corresponding to the one or more subject database statements, the first set of planned subject database statements based at least in part on the at least one virtual multidimensional data model;

detecting at least one data structure reference associated with the first set of planned subject database statements, the at least one data structure reference corresponding to at least some of the second portion of the set of subject data; and

generating, in response to detecting the at least one data structure reference, a second set of planned subject database statements to perform the analysis corresponding to the one or more subject database statements, the second set of planned subject database statements based at least in part on the at least one virtual multidimensional data model, the second set of planned subject database statements generated to determine an authorization response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for determining user authorization to access data in dynamically generated database structures are presented. A method can commence upon receiving database statements from a user that is authorized to access a set of data in a database. A physical plan derived from the received database statements to operate on the database is inspected for references to dynamically generated data structures such as aggregates. A modified physical plan having no aggregates and/or other altered database structures is used to issue low latency database statements to operation on the database for verifying user access authorization to the underlying data. In some cases, the foregoing database statements are based on a virtual multidimensional data model. In other cases, a low latency directive is included in the modified physical plan to facilitate a low latency authorization response.

Citations

20 Claims

1. A method comprising:
- identifying a first area of a storage facility to store a subject database, the subject database comprising a set of subject data;
  
  identifying a second area of the storage facility to store a set of subject database metadata, the set of subject database metadata comprising one or more subject database attributes characterizing the subject database;
  
  identifying at least one user, wherein the at least one user has authorization to access a first portion of the set of subject data, and wherein the at least one user does not have authorization to access a second portion of the set of subject data;
  
  receiving one or more subject database statements from the at least one user to perform an analysis over the set of subject data;
  
  selecting at least one virtual multidimensional data model representing the subject database, the at least one virtual multidimensional data model comprising one or more virtual cubes derived from the one or more subject database attributes;
  
  generating a first set of planned subject database statements to perform the analysis corresponding to the one or more subject database statements, the first set of planned subject database statements based at least in part on the at least one virtual multidimensional data model;
  
  detecting at least one data structure reference associated with the first set of planned subject database statements, the at least one data structure reference corresponding to at least some of the second portion of the set of subject data; and
  
  generating, in response to detecting the at least one data structure reference, a second set of planned subject database statements to perform the analysis corresponding to the one or more subject database statements, the second set of planned subject database statements based at least in part on the at least one virtual multidimensional data model, the second set of planned subject database statements generated to determine an authorization response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the second set of planned subject database statements is generated based at least in part on one or more constraints.
  - 3. The method of claim 2, wherein at least one of the one or more constraints is based at least in part on the at least one data structure reference.
  - 4. The method of claim 1, wherein the at least one data structure reference is detected at least in part by issuing one or more low latency subject database statements to operate on a set of underlying data corresponding to the at least one data structure reference.
  - 5. The method of claim 4, wherein an access token is issued with the one or more low latency subject database statements to facilitate accessing the set of underlying data.
  - 6. The method of claim 1, wherein the at least one data structure reference corresponds to at least one of, one or more altered subject data structures, one or more aggregates, one or more partitions, one or more shards, one or more indexes, one or more materialized views, or one or more caches.
  - 7. The method of claim 6, further comprising:
    - generating, responsive to receiving the one or more subject database statements, at least one of the one or more altered subject data structures.
  - 8. The method of claim 1, further comprising:
    - generating, responsive to receiving the one or more subject database statements, the at least one virtual multidimensional data model.
  - 9. The method of claim 1, further comprising:
    - issuing the second set of planned subject database statements to return a result set.
  - 10. The method of claim 1, further comprising:
    - determining one or more physical plans representing the second set of planned subject database statements, the physical plans comprising one or more programming code objects.

11. A computer readable medium, embodied in a non-transitory computer readable medium, the non-transitory computer readable medium having stored thereon a sequence of instructions which, when stored in memory and executed by a processor causes the processor to perform a set of acts, the set of acts comprising:
- identifying a first area of a storage facility to store a subject database, the subject database comprising a set of subject data;
  
  identifying a second area of the storage facility to store a set of subject database metadata, the set of subject database metadata comprising one or more subject database attributes characterizing the subject database;
  
  identifying at least one user, wherein the at least one user has authorization to access a first portion of the set of subject data, and wherein the at least one user does not have authorization to access a second portion of the set of subject data;
  
  receiving one or more subject database statements from the at least one user to perform an analysis over the set of subject data;
  
  selecting at least one virtual multidimensional data model representing the subject database, the at least one virtual multidimensional data model comprising one or more virtual cubes derived from the one or more subject database attributes;
  
  generating a first set of planned subject database statements to perform the analysis corresponding to the one or more subject database statements, the first set of planned subject database statements based at least in part on the at least one virtual multidimensional data model;
  
  detecting at least one data structure reference associated with the first set of planned subject database statements, the at least one data structure reference corresponding to at least some of the second portion of the set of subject data; and
  
  generating, in response to detecting the at least one data structure reference, a second set of planned subject database statements to perform the analysis corresponding to the one or more subject database statements, the second set of planned subject database statements based at least in part on the at least one virtual multidimensional data model, the second set of planned subject database statements generated to determine an authorization response.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer readable medium of claim 11, wherein the at least one data structure reference is detected at least in part by issuing one or more low latency subject database statements to operate on a set of underlying data corresponding to the at least one data structure reference.
  - 13. The computer readable medium of claim 11, further comprising instructions which, when stored in memory and executed by the processor causes the processor to perform acts of generating, responsive to receiving the one or more subject database statements, one or more altered subject data structures.
  - 14. The computer readable medium of claim 11, further comprising instructions which, when stored in memory and executed by the processor causes the processor to perform acts of generating, responsive to receiving the one or more subject database statements, the at least one virtual multidimensional data model.
  - 15. The computer readable medium of claim 11, wherein the second set of planned subject database statements is generated based at least in part on one or more constraints, and wherein at least one of the one or more constraints is based at least in part on the at least one data structure reference.

16. A system comprising:
- a non-transitory computer readable storage medium having stored thereon a sequence of instructions; and
  
  a processor that executes the sequence of instructions to cause the processor to perform a set of acts, the set of acts comprising;
  
  identifying a first area of a storage facility to store a subject database, the subject database comprising a set of subject data;
  
  identifying a second area of the storage facility to store a set of subject database metadata, the set of subject database metadata comprising one or more subject database attributes characterizing the subject database;
  
  identifying at least one user, wherein the at least one user has authorization to access a first portion of the set of subject data, and wherein the at least one user does not have authorization to access a second portion of the set of subject data;
  
  receiving one or more subject database statements from the at least one user to perform an analysis over the set of subject data;
  
  selecting at least one virtual multidimensional data model representing the subject database, the at least one virtual multidimensional data model comprising one or more virtual cubes derived from the one or more subject database attributes;
  
  generating a first set of planned subject database statements to perform the analysis corresponding to the one or more subject database statements, the first set of planned subject database statements based at least in part on the at least one virtual multidimensional data model;
  
  detecting at least one data structure reference associated with the first set of planned subject database statements, the at least one data structure reference corresponding to at least some of the second portion of the set of subject data; and
  
  generating, in response to detecting the at least one data structure reference, a second set of planned subject database statements to perform the analysis corresponding to the one or more subject database statements, the second set of planned subject database statements based at least in part on the at least one virtual multidimensional data model, the second set of planned subject database statements generated to determine an authorization response.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, further comprising instructions which, when executed by the processor causes the processor to perform acts of generating, responsive to receiving the one or more subject database statements, one or more altered subject data structures.
  - 18. The system of claim 16, further comprising instructions which, when executed by the processor causes the processor to perform acts of generating, responsive to receiving the one or more subject database statements, the at least one virtual multidimensional data model.
  - 19. The system of claim 16, further comprising instructions which, when executed by the processor causes the processor to perform acts of issuing the second set of planned subject database statements to return a result set.
  - 20. The system of claim 16, further comprising instructions which, when executed by the processor causes the processor to perform acts of determining one or more physical plans representing the second set of planned subject database statements, the physical plans comprising one or more programming code objects.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AtScale, Inc.
Original Assignee
AtScale, Inc.
Inventors
Gerweck, Sarah
Primary Examiner(s)
Turchen, James R

Application Number

US15/942,456
Time in Patent Office

647 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 16/2453   Query optimisation

G06F 16/283   Multi-dimensional databases...

G06F 21/00   Security arrangements for p...

G06F 21/6218   to a system of files or obj...

H04L 63/102   Entity profiles

Data access authorization for dynamically generated database structures

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data access authorization for dynamically generated database structures

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links