System and method for RDBMS to protect records in accordance with non-RDBMS access control rules
Abstract
A system and method are provided for an information management system (IMS) having an underlying relational database management system (RDBMS) that allows applications to access the RDBMS directly for improved performance without going through the IMS, while maintaining access control. An access control list (ACL) is generated, with tables in the RDBMS being bound using codes in the ACL. At run time or, more preferably, pre-run time, user-defined functions (UDF) evaluate access control attributes and generate an access authorization table, which is joined with the appropriate information table(s) in response to a query against a view on the table. The view is presented to the querying user. Thus, access control rules are encapsulated in the view that is presented to the user.
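The mechanism the abstract describes, as an added example that is not code from the patent or from any IMS/RDBMS product: tables are bound to ACL codes, a pre-run-time step materialises an access authorization table (AAT) from each user's attributes, and a view joins the information table to the AAT so that an application reading the RDBMS directly still sees only what the IMS rule allows. The table names, the session_user() UDF and all sample rows are assumptions constructed for the example.

```python
import sqlite3

# Constructed sample data: an information table whose rows are bound to ACL
# codes, an IMS-style ACL naming the principal (here a group) that may read
# each code, and each user's access control attributes (group memberships).
DOCUMENTS = [(1, "HR", "salary review"), (2, "ENG", "design notes"),
             (3, "PUB", "press release")]
ACL = [("HR", "grp:hr"), ("ENG", "grp:eng"), ("PUB", "grp:all")]
GROUPS = {"alice": {"grp:hr", "grp:all"}, "bob": {"grp:eng", "grp:all"},
          "eve": {"grp:all"}}

_session_user = None  # stands in for the RDBMS's notion of the connected user

def build_db():
    con = sqlite3.connect(":memory:")
    # UDF the view calls to learn who is querying (assumed name for the example).
    con.create_function("session_user", 0, lambda: _session_user)
    con.executescript("""
        CREATE TABLE documents(doc_id INTEGER PRIMARY KEY, acl_code TEXT, content TEXT);
        CREATE TABLE acl(acl_code TEXT, principal TEXT);
        CREATE TABLE aat(user_name TEXT, acl_code TEXT, PRIMARY KEY(user_name, acl_code));
        -- The view encapsulates the rule: a row is visible only when the
        -- access authorization table says the current user holds its ACL code.
        CREATE VIEW documents_v AS
            SELECT d.doc_id, d.acl_code, d.content
            FROM documents d JOIN aat a ON a.acl_code = d.acl_code
            WHERE a.user_name = session_user();
    """)
    con.executemany("INSERT INTO documents VALUES (?,?,?)", DOCUMENTS)
    con.executemany("INSERT INTO acl VALUES (?,?)", ACL)
    return con

def generate_aat(con):
    """Pre-run-time step: evaluate each user's attributes against the ACL and
    materialise the access authorization table (AAT) that the view joins."""
    con.execute("DELETE FROM aat")
    acl_rows = con.execute("SELECT acl_code, principal FROM acl").fetchall()
    for user, groups in GROUPS.items():
        for code, principal in acl_rows:
            if principal in groups:
                con.execute("INSERT INTO aat VALUES (?,?)", (user, code))
    con.commit()

def query_as(con, user):
    """Application reads the RDBMS directly, bypassing the IMS; only the view is exposed."""
    global _session_user
    _session_user = user
    return [r[0] for r in con.execute(
        "SELECT doc_id FROM documents_v ORDER BY doc_id")]
```

Only the view (never the base table) is granted to the application role; an unknown or unset session user joins to no AAT row and therefore receives nothing.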
44 Citations
37 Claims
1. A data system including a server computer programmed to undertake method acts for responding to user queries for data from a database controlled by the server computer, the method acts undertaken by the server computer including:
   receiving a query;
   receiving an access control output from at least one algorithm from an information management system (IMS); and
   in response to the query and the access control output, populating a view for presentation thereof to the user.
   (Dependent claims: 2, 3, 4, 5, 6, 7)

8. A method for enforcing at least one information management system (IMS) access control rule in a data system including at least one application accessing at least one IMS associated with a database management system (DBMS), the application accessing the DBMS using at least one direct communication path bypassing the IMS, the method comprising:
   receiving a specification for IMS data schema;
   generating a DBMS view in response to the specification, the view encapsulating the IMS access control rule; and
   presenting the view to a user via the direct communication path.
   (Dependent claims: 9, 10, 11, 12, 13)

14. A system, comprising:
   at least one information management system (IMS);
   at least one application communicating with the IMS; and
   at least one relational database management system (RDBMS) communicating with the IMS, the application communicating directly with the RDBMS via at least one direct communication path not including the IMS.
   (Dependent claims: 15, 16, 17, 18)

19. A method for enforcing high level access control rules of an information management system (IMS) for an application directly communicating with a relational database management system (RDBMS) associated with the IMS, comprising:
   providing at least one Access Authorization table (AAT), the AAT containing data representing high level access control rules;
   providing at least one information table in the RDBMS; and
   in response to a query for data from the application, joining the AAT with at least one information table to return a result in accordance with at least one of the high level access control rules.
   (Dependent claims: 20, 21, 22)

23. A computer program product including computer usable code means programmed with logic for enforcing high level access control rules of an information management system (IMS) for an application directly communicating with a relational database management system (RDBMS) associated with the IMS, the program product comprising:
   computer readable code means for binding at least one RDBMS table using one or more access control list (ACL) codes representing the high level access control rules;
   computer readable code means for issuing a query from the application against an RDBMS view; and
   computer readable code means for returning the result of the query against the view.
   (Dependent claim: 24)

25. A data system including a server computer programmed to undertake method acts for responding to user queries for data from a database controlled by the server computer, the method acts undertaken by the server computer including:
   storing the database in a second system;
   maintaining access control specifications that restrict access to data;
   allowing a user to access data directly through the second system; and
   in response to the direct access by the user, causing the second system to enforce the access control specifications without intervention from the data system.
   (Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
Specification