Security systems, methods, and computer program products for information integration platform
First Claim
1. A method, comprising:
- receiving, by a search system, a search query from a client device associated with a user, the search system configured for evaluating search queries according to a security model, the security model having an inbound check and an outbound check;
responsive to the search query, performing the inbound check at query time, the inbound check including determining principals associated with the user, the inbound check performed by the search system embodied on a server machine;
modifying the search query to include a union of the security level principals associated with the user to define a scope of search for the search query, the modifying performed by the search system, the principals obtained or received from a plurality of repositories, wherein the search system performs the search query that has been modified in across the plurality of repositories using the principals obtained or received from the plurality of repositories;
after the search query is performed, performing an outbound check including verifying whether the user has authorization to view search results from the search query, the outbound check performed by the search system;
based on authorization information associated with the user, filtering out documents in the search results for which the user is not authorized to access, the filtering performed by the search system; and
presenting, on the client device, only documents in the search results for which the user is authorized to access based on the authorization information associated with the user.
4 Assignments
0 Petitions
Accused Products
Abstract
An information integration system may include a set of integration services embodied on one or more server machines in a computing environment. The set of integration services may include connectors communicatively connected to disparate information systems. The connectors may be configured for integrating data stored in the disparate information systems utilizing a common model employed by the set of integration services. The common model may overlay, augment, integrate, or otherwise utilize a content management interoperability services data model and may include common property definitions and a common security model. The common security model may include permissions particularly defined for use by the set of integration services. These common property definitions and permissions may be uniquely defined and utilized by the information integration system.
-
Citations
20 Claims
-
1. A method, comprising:
-
receiving, by a search system, a search query from a client device associated with a user, the search system configured for evaluating search queries according to a security model, the security model having an inbound check and an outbound check; responsive to the search query, performing the inbound check at query time, the inbound check including determining principals associated with the user, the inbound check performed by the search system embodied on a server machine; modifying the search query to include a union of the security level principals associated with the user to define a scope of search for the search query, the modifying performed by the search system, the principals obtained or received from a plurality of repositories, wherein the search system performs the search query that has been modified in across the plurality of repositories using the principals obtained or received from the plurality of repositories; after the search query is performed, performing an outbound check including verifying whether the user has authorization to view search results from the search query, the outbound check performed by the search system; based on authorization information associated with the user, filtering out documents in the search results for which the user is not authorized to access, the filtering performed by the search system; and presenting, on the client device, only documents in the search results for which the user is authorized to access based on the authorization information associated with the user. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A search system, comprising:
-
a processor; a non-transitory computer readable medium; and stored instructions translatable by the processor to perform; receiving a search query from a client device associated with a user; responsive to the search query, performing an inbound check at query time, the inbound check including determining principals associated with the user; modifying the search query to include a union of the principals associated with the user to define a scope of search for the search query, the principals obtained or received from a plurality of repositories, wherein the search system performs the search query that has been modified across the plurality of repositories using the principals obtained or received from the plurality of repositories; after the search query is performed, performing an outbound check including verifying whether the user has authorization to view search results from the search query; based on authorization information associated with the user, filtering out documents in the search results for which the user is not authorized to access; and presenting, on the client device, only documents in the search results for which the user is authorized to access based on the authorization information associated with the user. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product comprising a non-transitory computer readable medium storing instructions translatable by a processor of a search system to perform:
-
receiving a search query from a client device associated with a user; responsive to the search query, performing an inbound check at query time, the inbound check including determining principals associated with the user; modifying the search query in accordance with to include a union of the principals associated with the user to define a scope of search for the search query, the principals obtained or received from a plurality of repositories, wherein the search system performs the search query that has been modified across the plurality of repositories using the principals obtained or received from the plurality of repositories; after the search query is performed, performing an outbound check including verifying whether the user has authorization to view search results from the search query; based on authorization information associated with the user, filtering out documents in the search results for which the user is not authorized to access; and presenting, on the client device, only documents in the search results for which the user is authorized to access based on the authorization information associated with the user. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification