Cell-level data access control using user-defined functions
Abstract
Access control at the cell level is provided by the use of mask functions. Original queries are modified to contain mask functions for those cells for which controlled access in accordance with an access policy is desired. In addition, filter functions are included to eliminate rows according to the access policy.
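The rewrite described in the abstract, as an added example that is not taken from the patent: a SELECT is modified so a protected column reference becomes a mask-function call and a filter function removes rows, using SQLite user-defined functions. The table, the sample rows, the policy, and the function names `mask` and `row_visible` are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed policy (an assumption): a user sees a salary cell only for rows in
# their own department, and rows of the "exec" department are hidden from others.
MASKED_COLUMNS = {"salary": "dept"}   # protected column -> column the decision uses
MASK_VALUE = None                     # returned in place of a protected cell


def connect(user_dept):
    """Open an in-memory DB with constructed sample rows and register the UDFs."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    db.executemany("INSERT INTO employees VALUES (?, ?, ?)", [
        ("alice", "eng", 120), ("bob", "sales", 90), ("carol", "exec", 300)])
    # Mask function: yields the stored value or the mask, decided per cell.
    db.create_function("mask", 2,
                       lambda value, dept: value if dept == user_dept else MASK_VALUE)
    # Filter function: 1 keeps the row, 0 eliminates it.
    db.create_function("row_visible", 1,
                       lambda dept: int(dept != "exec" or user_dept == "exec"))
    return db


def rewrite(query):
    """Rewrite 'SELECT col, ... FROM table' (the only shape handled here)."""
    m = re.fullmatch(r"\s*SELECT\s+(.+?)\s+FROM\s+(\w+)\s*;?\s*", query, re.I)
    if not m:
        raise ValueError("unsupported query shape; refusing to run it unmodified")
    cols = []
    for col in (c.strip() for c in m.group(1).split(",")):
        # Fail closed on '*' or expressions that could bypass the mask.
        if not re.fullmatch(r"\w+", col):
            raise ValueError(f"unsupported column expression: {col!r}")
        if col.lower() in MASKED_COLUMNS:
            col = f"mask({col}, {MASKED_COLUMNS[col.lower()]}) AS {col}"
        cols.append(col)
    return f"SELECT {', '.join(cols)} FROM {m.group(2)} WHERE row_visible(dept)"


def run_as(user_dept, query):
    """Execute the modified query, never the original, for the given user."""
    return connect(user_dept).execute(rewrite(query)).fetchall()
```

The rewriter rejects `SELECT *` and column expressions instead of passing them through, since any reference it cannot map to a mask function would return unmasked cells.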
20 Claims
1. A method for accessing information in an information store in accordance with an access policy, said method comprising:
receiving an access request comprising a request for a first type of information, wherein said request for a first type of information has associated therewith first information contained in said information store;
replacing said request for a first type of information with a modified request for a first type of information, said modified request being based on said access policy; and
accessing said information store to produce a result in response to said access request, wherein said modified request produces either a masked value or said first information, based on said access policy.
Dependent claims: 2, 3, 4, 5, 6
7. In a relational database, a method for accessing information in accordance with an access policy, said method comprising:
providing at least one query comprising a SELECT statement, said SELECT statement comprising one or more column references;
replacing at least one of said one or more column references with a mask function to produce a modified query; and
producing a query result in response to said modified query comprising one or more rows of information;
wherein said query result includes, for said at least one of said one or more column references, either mask values or information from said relational database, based on said access policy.
Dependent claims: 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20
12. A computer-based information retrieval system comprising:
computer memory having computer readable program code embodied therein for accessing an information store in accordance with an access policy, said computer readable program code comprising;
first code configured to receive an access request for a first type of information, wherein said request for a first type of information has associated therewith first information;
second code configured to replace said request for a first type of information with a modified request for a first type of information, said modified request being based on said access policy; and
third code configured to access said information store to produce a result in response to said access request, wherein said modified request produces either a masked value or said first information, based on said access policy.
Specification