
Access control for objects having attributes defined against hierarchically organized domains containing fixed number of values

  • US 10,645,090 B2
  • Filed: 02/09/2018
  • Issued: 05/05/2020
  • Est. Priority Date: 10/08/2014
  • Status: Active Grant
First Claim

1. A computing system comprising:

  • a relational database server to store a plurality of objects representing digital entities of interest on a non-volatile storage, each object having corresponding attributes,

    wherein each object of said plurality of objects is represented in a corresponding set of tables in said relational database server, wherein the attributes of each object are represented as respective columns of the corresponding set of tables,

    wherein instances of each object are stored as respective rows of the corresponding set of tables, with the value of the attributes of the object being stored in the respective column of the row,

    wherein said relational database server allows access to said plurality of objects using SQL (structured query language) queries,

    wherein each attribute is stored with a corresponding attribute value in the respective column in said relational database server,

    wherein the attribute value is one of a plurality of values organized as hierarchically organized domains, with the set value of each attribute expressing the corresponding characteristic of the corresponding entity;

    an administrator system comprising a memory and a processor, said memory to store instructions and said processor to execute said instructions stored in said memory to cause said administrator system to perform the operations of:

    receive data indicating said plurality of hierarchies of hierarchically organized domains;

    display on a display unit at a first time instance, the values of the corresponding domains in each hierarchy of said plurality of hierarchies along with a plurality of user entities;

    enable an administrator to specify a first combination comprising a user entity from said plurality of user entities, a first value from a first plurality of values of a first hierarchy and a second value from a second plurality of values of a second hierarchy, said first hierarchy and said second hierarchy being contained in said plurality of hierarchies; and

    enable said administrator to specify a first security rule permitting or denying access for said first combination of said user entity, said first value and said second value; and

    a server system operable to:

    receive a user request requesting access to objects stored in said relational database server from said user entity;

    determine that a first object stored in said relational database server is required for processing said user request;

    check whether said first object has stored in said relational database server a first attribute value and a second attribute value respectively matching said first value and said second value specified in said first security rule; and

    enforce said first security rule to permit or deny access to said first object as specified in said first security rule in further processing of said user request if said match is present and not enforce said first security rule otherwise, as a response to said administrator having specified said first security rule for said first combination.
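
The server-side check in the claim, as an added example that is not taken from the patent or any implementation of it: a rule names a user entity and one value from each of two hierarchies, and it is enforced only when the stored row carries both values. The `documents` and `security_rules` tables, their columns, the sample rows, the function names and the first-match ordering are all constructed assumptions.

```python
import sqlite3

def build_db():
    """Constructed sample schema and rows (not taken from the patent)."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        -- One object type: attributes are columns, instances are rows.
        -- region comes from a geography hierarchy (EMEA > UK, EMEA > DE),
        -- department from an organisation hierarchy (Finance > Payroll).
        CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT,
                                region TEXT, department TEXT);
        INSERT INTO documents VALUES (1, 'Salary bands', 'UK', 'Payroll'),
                                     (2, 'Build guide',  'UK', 'Engineering'),
                                     (3, 'Salary bands', 'DE', 'Payroll');
        -- A rule is the administrator's combination plus permit/deny.
        CREATE TABLE security_rules (
            user_entity TEXT, attr1 TEXT, value1 TEXT, attr2 TEXT, value2 TEXT,
            effect TEXT CHECK (effect IN ('permit', 'deny')));
        INSERT INTO security_rules VALUES
            ('alice', 'region', 'UK', 'department', 'Payroll', 'deny');
    """)
    return db

def decide(db, user_entity, object_id):
    """Return the effect of the first rule whose two values both match the
    stored row, or None when no rule is enforced for this object."""
    obj = db.execute("SELECT * FROM documents WHERE id = ?",
                     (object_id,)).fetchone()
    if obj is None:
        return None
    rules = db.execute("SELECT * FROM security_rules WHERE user_entity = ? "
                       "ORDER BY rowid", (user_entity,)).fetchall()
    cols = obj.keys()
    for rule in rules:
        # Rule attribute names are looked up in the fetched row, never
        # interpolated into SQL text.
        if (rule["attr1"] in cols and rule["attr2"] in cols
                and obj[rule["attr1"]] == rule["value1"]
                and obj[rule["attr2"]] == rule["value2"]):
            return rule["effect"]
    return None

if __name__ == "__main__":
    db = build_db()
    for oid in (1, 2, 3):
        print(oid, decide(db, "alice", oid))
```

A `None` result means no rule was enforced for that object; what the caller does then (default permit or default deny) is outside this claim element and is left to the caller here.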
