Managing electronic information

US 20050131901A1
Filed: 12/15/2003
Published: 06/16/2005
Est. Priority Date: 12/15/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

analyzing database access statements issued for an application in use;

determining accessed items and types of access for the application based on the issued database access statements for the application; and

developing a role associated with the application based on the determined accessed items and types of access, wherein the role may be used to allow a user database access when associated with the application.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Electronic information management includes techniques for developing and applying database security. In certain implementations, database access statements issued for applications in use are analyzed. Analyzing issued database access statements may include capturing the database access statements, normalizing the database access statements, and eliminating redundancies from the database access statements. A standardized set of issued database access statements may result from the analysis procedure. From the analyzed database access statements, the items accessed and types of access may be determined for an application, and a set of permissions may be determined from the determined items accessed and types of access for the application. A role associated with the application may be developed based on the permissions for the application. The role may be used to allow a user database access when associated with the application.

32 Citations

View as Search Results

23 Claims

1. A method comprising:
- analyzing database access statements issued for an application in use;
  
  determining accessed items and types of access for the application based on the issued database access statements for the application; and
  
  developing a role associated with the application based on the determined accessed items and types of access, wherein the role may be used to allow a user database access when associated with the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein analyzing the issued database access statements comprises:
    - capturing the database access statements;
      
      normalizing the database access statements; and
      
      eliminating redundancies in the database access statements.
  - 3. The method of claim 2 wherein the database access statements comprise Structured Query Language (SQL) queries.
  - 4. The method of claim 1 wherein the determined accessed items and types of access include objects accessed and operations performed on the objects.
  - 5. The method of claim 1 wherein developing a role comprises determining permissions for the application based on the determined accessed items and types of access.
  - 6. The method of claim 1 further comprising determining which of a set of users are authorized to use the application.
  - 7. The method of claim 1 further comprising:
    - detecting a user request to establish an application session;
      
      finding the role associated with the application; and
      
      assigning the role to a user.
  - 8. The method of claim 7 wherein detecting a user request to establish an application session comprises determining if a user is authorized to use the application.
  - 9. The method of claim 7 further comprising:
    - detecting an end of the application session; and
      
      if an end of the application session is detected, disabling the assigned role for the user.

10. An article comprising a machine-readable medium storing instructions operable to cause one or more machines to perform operations comprising:
- analyzing database access statements issued for an application in use;
  
  determining accessed items and types of access for the application based on the issued database access statements for the application; and
  
  developing a role associated with the application based on the determined accessed items and types of access, wherein the role may be used to allow a user database access when associated the application.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The article of claim 10, wherein analyzing the issued database access statements comprises:
    - determining whether the database access statements have been captured;
      
      normalizing the database access statements; and
      
      eliminating redundancies in the database access statements.
  - 12. The article of claim 10 wherein the determined accessed items and types of access include objects accessed and operations performed on the objects.
  - 13. The article of claim 10 wherein developing a role comprises determining permissions for the application based on the determined accessed items and types of access.
  - 14. The article of claim 10 wherein the instructions are further operable to cause one or more machines to perform operations comprising determining which of a set of users are authorized to use the application.
  - 15. The article of claim 10 wherein the instructions are further operable to cause one or more machines to perform operations comprising:
    - determining whether a user request to establish an application session has been detected;
      
      finding the role associated with the application; and
      
      assigning the role to a user.
  - 16. The article of claim 15 wherein detecting a user request to establish an application session comprises determining if a user is authorized to use the application.
  - 17. The article of claim 15 wherein the instructions are further operable to cause one or more machines to perform operations comprising:
    - detecting an end of the application session; and
      
      if an end of the application session is detected, disabling the assigned role for the user.

18. A database security analyzer comprising:
- a communication interface operable to receive database access statements issued for an application in use;
  
  a memory operable to store the issued database access statements; and
  
  a processor operable to develop a role associated with the application based on the issued database access statements for the application, wherein the role may be used to allow a user database access when using the application.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The analyzer of claim 18 wherein developing a role comprises:
    - determining accessed items and types of access for an application based on the issued database access statements for the application;
      
      determining permissions for the application based on the determined accessed items and types of access; and
      
      developing a role associated with the application based on the determined permissions.
  - 20. The analyzer of claim 19 wherein the determined accessed items and types of access include objects accessed and operations performed on the objects.
  - 21. The analyzer of claim 18 wherein developing a role comprises:
    - determining whether issued database access statements have been captured;
      
      normalizing the database access statements; and
      
      eliminating redundancies in the database access statements.
  - 22. The analyzer of claim 18 wherein the memory comprises instructions, and the processor operates according to the instructions.

23. A method comprising:
- capturing the database access statements issued for one or more applications in use, wherein the database access statements comprise Structured Query Language (SQL) queries;
  
  normalizing the issued database access statements;
  
  eliminating redundancies in the normalized database access statements;
  
  determining accessed items and types of access for an application based on the issued database access statements for the application, wherein the determined accessed items and types of access include objects accessed and operations performed on the objects;
  
  determining permissions for the application based on the accessed items and types of access;
  
  developing a role associated with the application based on the developed permissions;
  
  determining which of a set of users are authorized to use the application;
  
  detecting a user request to establish a session of the application;
  
  determining if the user is authorized to use the application;
  
  if the user is authorized to use the application, finding the role associated with the application;
  
  assigning the role to the user;
  
  detecting an end of the application session; and
  
  if an end of the application session is detected, disabling the assigned role for the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Richter, John D.

Granted Patent

US 7,590,630 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

Managing electronic information

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Managing electronic information

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links