System and method for providing security mechanisms for data warehousing and analysis
First Claim
1. A method of providing restricted access to data contained in a business intelligence system using a database and having an application with user input, the method including the steps of:
- a) defining one or more security roles;
b) associating the one or more security roles with business intelligence data stored in the database;
c) deriving one or more security filters from the security roles and storing the one or more security filters;
d) selecting for a user requiring a report the one or more user security roles from the stored one or more security roles and thereby selecting one or more user security filters from the one or more related security filters;
e) accepting, from the user requiring the report, input defining an original data access language statement, to determine the information required to be selected from the database;
f) combining the stored one or more related security filters with the original data access language statement to produce a modified data access statement, to limit the data accessed by the data access statement in accordance with the previously selected security roles;
g) accessing the data stored within the database by interpreting the modified data access statement; and
h) presenting the user requiring the report with business intelligence data accessed by the modified data access statement.
4 Assignments
0 Petitions
Accused Products
Abstract
The present invention discloses a method for using a relational database management system to support on-line analytical processing (OLAP) systems by providing a security access mechanism. The method of restricting access to data contained in a business intelligence system, comprises the steps of defining one or more security roles, associating the security roles with business intelligence data, selecting one or more security roles from the one or more security roles, combining the one or more security filters with a data access language statement, and interpreting the data access statement.
36 Citations
16 Claims
-
1. A method of providing restricted access to data contained in a business intelligence system using a database and having an application with user input, the method including the steps of:
-
a) defining one or more security roles;
b) associating the one or more security roles with business intelligence data stored in the database;
c) deriving one or more security filters from the security roles and storing the one or more security filters;
d) selecting for a user requiring a report the one or more user security roles from the stored one or more security roles and thereby selecting one or more user security filters from the one or more related security filters;
e) accepting, from the user requiring the report, input defining an original data access language statement, to determine the information required to be selected from the database;
f) combining the stored one or more related security filters with the original data access language statement to produce a modified data access statement, to limit the data accessed by the data access statement in accordance with the previously selected security roles;
g) accessing the data stored within the database by interpreting the modified data access statement; and
h) presenting the user requiring the report with business intelligence data accessed by the modified data access statement. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-based system for providing restricted access to data contained in a business intelligence system having an application with user input, the system comprising:
-
a) means for defining one or more security roles;
b) means for associating the one or more security roles with business intelligence data stored in the database;
c) means for deriving one or more security filters from the security roles and storing the one or more security filters;
d) means for selecting for a user requiring a report the one or more user security roles from the stored one or more security roles and thereby selecting one or more user security filters from the one or more related security filters;
e) means for accepting, from the user requiring the report, input defining an original data access language statement, to determine the information required to be selected from the database;
f) means for combining the stored one or more related security filters with the original data access language statement to produce a modified data access statement, to limit the data accessed by the data access statement in accordance with the previously selected security roles;
g) means for accessing the data stored within the database by interpreting the modified data access statement, and h) means for presenting the user requiring the database with business intelligence data accessed by the modified data access statement. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification