Event-based database access execution
Abstract
An authorisation privilege for an access request is inferred when no explicit privilege exists. The inference can be performed by way of mining occurrence patterns or derived from user hierarchy, profile, click history, transaction history or role. For any access request, the respective explicit privilege or inferred privilege is verified by the database or security administrator before the access request is permitted. Conditions expressed in an access policy are evaluated on the occurrence of predefined events. The events extend beyond user access requests, and include external events, composite events and access of a referential type. The access policy is framed in ‘event, condition, access enforcement’ terminology. The access control rules can be parameterised and can be instantiated by data obtained from inference rules associated with the conditions of the policy. The conditions have an evaluation component and an inference component. The access privileges supported are: read, write and indirect read. An indirect read operation typically allows a user qualified access to one or more portions of a database, but not the entire database.
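The flow the abstract describes, as an added Python example that is not taken from the patent: find the applicable event, evaluate its condition, use the explicit privilege or infer one, have an administrator verify it, then enforce. All names, the sample data, the role-to-privilege mapping, the working-hours condition, the rule that a write privilege also covers reads, and the modelling of administrator verification as a callback are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data and grants (assumptions, not from the patent).
DB = {"patient_7": {"name": "A. Example", "ward": "3B", "diagnosis": "constructed"}}
EXPLICIT = {("dr_lee", "patient_7"): "write"}      # (user, object) -> explicit privilege
ROLE = {"dr_lee": "physician", "nurse_kim": "nurse", "temp_01": "contractor"}

@dataclass
class Rule:                      # one 'event, condition, access enforcement' entry
    condition: callable          # evaluation component: request -> bool
    infer: callable              # inference component: request -> privilege or None
    visible: tuple = ("ward",)   # portion of a record exposed by an indirect read

def infer_from_role(req):
    # Role is one of the inference sources the abstract lists; this mapping is assumed.
    return {"physician": "read", "nurse": "indirect_read"}.get(ROLE.get(req["user"]))

POLICY = {"record_access": Rule(lambda r: 7 <= r["hour"] < 19, infer_from_role)}

def handle(req, admin_verify):
    rule = POLICY.get(req["event"])                    # assess which event applies
    if rule is None or not rule.condition(req):        # evaluate the conditions
        return ("deny", "no matching event or condition failed")
    priv = EXPLICIT.get((req["user"], req["obj"]))     # explicit privilege present?
    source = "explicit"
    if priv is None:                                   # none: infer one instead
        priv, source = rule.infer(req), "inferred"
    if priv is None or (req["op"] == "write" and priv != "write"):
        return ("deny", f"{source} privilege insufficient")
    # Explicit or inferred, the privilege is verified before access is permitted.
    if not admin_verify(req["user"], req["obj"], priv, source):
        return ("deny", f"{source} privilege not verified")
    row = DB[req["obj"]]
    if req["op"] == "write":
        row.update(req.get("data", {}))
        return ("ok", source)
    if priv == "indirect_read":                        # qualified access to a portion only
        return ("ok", {k: row[k] for k in rule.visible})
    return ("ok", dict(row))                           # read (or write, assumed to cover read)
```

A request that reaches the inference step and yields no privilege is denied, so the example fails closed when neither an explicit nor an inferable privilege exists.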
35 Claims
1. A method of executing event-based database access requests comprising:
- receiving a database access request;
- determining whether said request includes an explicit authorisation privilege;
- inferring an authorisation privilege in the case where there is no said authorisation privilege; and
- executing said access request.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of executing event-based database access requests within an access control policy having a set of events, and for each event, one or more condition evaluations and associated inference rules, and access enforcement actions, the method comprising:
- receiving a database access request;
- assessing which event applies;
- for the applicable event, evaluating said conditions against said request;
- determining whether said request includes an explicit authorisation privilege, and inferring an authorisation privilege in the case where there is none; and
- executing a relevant said enforcement action.
Dependent claims: 9, 10, 11, 12, 13
14. A database system having event-based access, the system comprising:
- a user input interface by which user access requests are received;
- a database; and
- a processor controlling execution of user access requests to said database, and wherein, in response to a said access request, said processor determines whether said request includes an explicit authorisation privilege, infers an authorisation privilege in the case where there is none, and executes said access request.
Dependent claims: 15, 16, 17, 18
19. A database system having event-based access within an access control policy having a set of events, and for each event, one or more condition evaluations and associated inference rules, and access enforcement actions, comprising:
- a user input interface by which user access requests are received;
- a database; and
- a processor controlling execution of user access requests to said database, and wherein, in response to an access request, the processor assesses which event applies, and for the applicable event, evaluates said conditions against said request, determines whether said request includes an explicit authorisation privilege, infers an authorisation privilege in the case where there is none, and executes a relevant said enforcement action.
Dependent claims: 20, 21, 22, 23, 24
25. Computer software for execution of event-based database requests, recorded on a medium and able to be executed by a computer system capable of interpreting the computer software, the computer software comprising:
- software code means for receiving a database access request;
- software code means for determining whether said request includes an explicit authorisation privilege, and for inferring an authorisation privilege in the case where there is none; and
- software code means for executing said access request.
Dependent claims: 26, 27, 28, 29
30. Computer software for executing event-based database access requests within an access control policy having a set of events, and for each event, one or more condition evaluations and associated inference rules, and access enforcement actions, the software comprising:
- software code means for receiving a database access request;
- software code means for assessing which event applies, and for the applicable event, to evaluate said conditions against said request;
- software code means for determining whether said request includes an explicit authorisation privilege and inferring an authorisation privilege in the case where there is none; and
- software code means for executing a relevant said enforcement action.
Dependent claims: 31, 32, 33, 34, 35
Specification