Managing electronic information
Abstract
Electronic information management includes techniques for developing and applying database security. In certain implementations, database access statements issued for applications in use are analyzed. Analyzing issued database access statements may include capturing the database access statements, normalizing the database access statements, and eliminating redundancies from the database access statements. A standardized set of issued database access statements may result from the analysis procedure. From the analyzed database access statements, the items accessed and types of access may be determined for an application, and a set of permissions may be determined from the determined items accessed and types of access for the application. A role associated with the application may be developed based on the permissions for the application. The role may be used to allow a user database access when associated with the application.
23 Claims
1. A method comprising:
analyzing database access statements issued for an application in use;
determining accessed items and types of access for the application based on the issued database access statements for the application; and
developing a role associated with the application based on the determined accessed items and types of access, wherein the role may be used to allow a user database access when associated with the application.
10. An article comprising a machine-readable medium storing instructions operable to cause one or more machines to perform operations comprising:
analyzing database access statements issued for an application in use;
determining accessed items and types of access for the application based on the issued database access statements for the application; and
developing a role associated with the application based on the determined accessed items and types of access, wherein the role may be used to allow a user database access when associated with the application.
18. A database security analyzer comprising:
a communication interface operable to receive database access statements issued for an application in use;
a memory operable to store the issued database access statements; and
a processor operable to develop a role associated with the application based on the issued database access statements for the application, wherein the role may be used to allow a user database access when using the application.
23. A method comprising:
capturing the database access statements issued for one or more applications in use, wherein the database access statements comprise Structured Query Language (SQL) queries;
normalizing the issued database access statements;
eliminating redundancies in the normalized database access statements;
determining accessed items and types of access for an application based on the issued database access statements for the application, wherein the determined accessed items and types of access include objects accessed and operations performed on the objects;
determining permissions for the application based on the accessed items and types of access;
developing a role associated with the application based on the developed permissions;
determining which of a set of users are authorized to use the application;
detecting a user request to establish a session of the application;
determining if the user is authorized to use the application;
if the user is authorized to use the application, finding the role associated with the application;
assigning the role to the user;
detecting an end of the application session; and
if an end of the application session is detected, disabling the assigned role for the user.
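The analysis steps of the abstract and of claim 23 (capture, normalize, eliminate redundancies, determine objects and operations, derive permissions, develop a role) can be sketched as follows. This is an added illustration, not code from the patent: the application name, table names, captured statements, regex-based extraction and the generic `CREATE ROLE`/`GRANT` output are all assumptions, and the session steps (assigning and disabling the role) are not covered.

```python
import re
from collections import defaultdict

# Constructed sample: statements captured while a hypothetical "payroll" app was in use.
CAPTURED = [
    "SELECT name, salary FROM employees WHERE id = 42",
    "select name, salary  from employees where id = 7",
    "UPDATE employees SET salary = 5000 WHERE id = 42",
    "INSERT INTO audit_log (actor, action) VALUES ('bob', 'raise')",
    "SELECT e.name FROM employees e JOIN departments d ON e.dept_id = d.id WHERE d.name = 'HR'",
    "DELETE FROM sessions WHERE expires < '2024-01-01'",
]

IDENT = r"([a-z_][\w.]*)"
TARGET = {"insert": r"insert into " + IDENT, "update": r"update " + IDENT,
          "delete": r"delete from " + IDENT}

def normalize(stmt):
    """Mask literals, collapse whitespace and case so equivalent statements compare equal."""
    s = re.sub(r"'(?:[^']|'')*'", "?", stmt)        # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)        # numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()   # assumes unquoted, case-insensitive names

def accesses(norm):
    """Return {(operation, object)} for one normalized statement."""
    found, rest = set(), norm
    verb = norm.split(" ", 1)[0]
    m = re.match(TARGET[verb], norm) if verb in TARGET else None
    if m:
        found.add((verb.upper(), m.group(1)))
        rest = norm[m.end():]
    # Anything still read through FROM/JOIN (plain SELECTs, subqueries in DML) needs SELECT.
    found.update(("SELECT", t) for t in re.findall(r"\b(?:from|join) " + IDENT, rest))
    return found

def build_role(app, captured):
    """Normalize, de-duplicate, derive permissions, and emit the role definition."""
    unique = sorted({normalize(s) for s in captured})
    perms = defaultdict(set)
    for stmt in unique:
        for op, obj in accesses(stmt):
            perms[obj].add(op)
    role = f"{app}_role"
    grants = [f"GRANT {', '.join(sorted(ops))} ON {obj} TO {role};"
              for obj, ops in sorted(perms.items())]
    return unique, [f"CREATE ROLE {role};"] + grants

if __name__ == "__main__":
    unique, ddl = build_role("payroll", CAPTURED)
    print(f"{len(CAPTURED)} captured -> {len(unique)} unique")
    print("\n".join(ddl))
```

A role derived this way covers only the statements seen during capture, so application paths not exercised in that window will be missing from it and should be reviewed before the role is enforced.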
Specification