Dynamic rules-based secure data access system for business computer platforms
First Claim
1. A security system for permitting or denying access to a database comprising resources, the system comprising:
- organizing the resources into at least two identified business functions to which access is controlled;
organizing resources within each business function into a hierarchical arrangement comprising levels at which access can be controlled to any accessor;
assigning at least one role to each accessor, the role determining the level of the hierarchical arrangement at which the accessor is allowed to access resources; and
defining the rights and privileges of an accessor to accessed resources based on a role of the accessor.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a dynamic rules-based secure data access system that may be used in a variety of applications that include a requirement for controlled secure access to a database. The rules-based access system has several features. One of these is that each user be assigned a role, either as an individual or as part of the group. Access rights may be assigned based on roles, but these can be modified within the system by individual users, that have authority to do so. Further, the data resources that each user is allowed to access, based on his or her role, and the extent of viewing and of data manipulation allowed, is further controlled based on assigned “rights and privileges”.
Another feature is that the database may be viewed as structured and organized into “business functions”, which are useful in business enterprises, such as sales, marketing, customer supports, etc. Users may be restricted to only certain functions, based on their roles. Within the business function units, the resources may be regarded as are further subdivided into several hierarchy levels; such as business objects, and instances of these objects. Users may be allowed access to only a specific business function, and only specific levels within that functional unit, based on role. Further, data may be restricted within each of the hierarchy levels, so that a user with access may not be allowed to see or manipulate all resources on a particular level within the hierarchy.
139 Citations
40 Claims
-
1. A security system for permitting or denying access to a database comprising resources, the system comprising:
-
organizing the resources into at least two identified business functions to which access is controlled;
organizing resources within each business function into a hierarchical arrangement comprising levels at which access can be controlled to any accessor;
assigning at least one role to each accessor, the role determining the level of the hierarchical arrangement at which the accessor is allowed to access resources; and
defining the rights and privileges of an accessor to accessed resources based on a role of the accessor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system comprising a secure data access protocol for controlling access to a database, the database comprising a hierarchy of information, and the access protocol comprising:
-
decision criteria for allowing or denying access to the database, the criteria using roles assigned to potential accessors of the database to determine access to any one or more levels of hierarchy of the database; and
rules defining rights and privileges of accessors of the one or more levels, the rules and privileges defining limits to viewing of accessed resources and defining limits to manipulation of the resources. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification