Method for implementing fine-grained access control using access restrictions
First Claim
1. A data processing system-implemented method for directing a data processing system to control access to data stored on a database having relational objects for which access restrictions are defined for elements of the relational objects, the data processing system-implemented method comprising:
- receiving a user request to access one or more relational objects of the database;
identifying any access restrictions defined for the one or more relational objects;
determining whether any identified access restrictions are applicable to the user request;
determining whether any determined applicable access restrictions are to be enforced for the user request; and
allowing access to the one or more relational objects based on the determined enforceable access restrictions.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed is a data processing system-implemented method, a data processing system and an article of manufacture for controlling access to data stored on a database having relational objects for which access restrictions are defined for elements of the relational objects The data processing system-implemented method includes receiving a user request to access one or more relational objects of the database, identifying any access restrictions defined for the one or more relational objects, determining whether any identified access restrictions are applicable to the user request, determining whether any determined applicable access restrictions are to be enforced for the user request, and allowing access to the one or more relational objects based on the determined enforceable access restrictions.
-
Citations
20 Claims
-
1. A data processing system-implemented method for directing a data processing system to control access to data stored on a database having relational objects for which access restrictions are defined for elements of the relational objects, the data processing system-implemented method comprising:
-
receiving a user request to access one or more relational objects of the database;
identifying any access restrictions defined for the one or more relational objects;
determining whether any identified access restrictions are applicable to the user request;
determining whether any determined applicable access restrictions are to be enforced for the user request; and
allowing access to the one or more relational objects based on the determined enforceable access restrictions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An article of manufacture for directing a data processing system to control access to data stored on a database having relational objects for which access restrictions are defined for elements of the relational objects, the article comprising:
-
a program usable medium embodying one or more executable data processing system instructions, the executable data processing system instructions comprising;
executable data processing system instructions for receiving a user request to access one or more relational objects of the database;
executable data processing system instructions for identifying any access restrictions defined for the one or more relational objects;
executable data processing system instructions for determining whether any identified access restrictions are applicable to the user request;
executable data processing system instructions for determining whether any determined applicable access restrictions are to be enforced for the user request; and
, executable data processing system instructions for allowing access to the one or more relational objects based on the determined enforceable access restrictions. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A data processing system for controlling access to data stored on a database having relational objects for which access restrictions are defined for elements of the relational objects, the data processing system comprising:
-
a module for receiving a user request to access a relational object;
a database catalog defining access restrictions for restricting user access to the database, wherein each access restriction identifies a row or column in a relational object to which the access restriction applies, a type of access which is restricted, and information concerning one or more users to which the access restriction applies;
a restriction evaluation module including a component for identifying any access restrictions defined for the one or more relational objects, a component for determining whether any identified access restrictions are applicable to the user request, and a component for determining whether any determined applicable access restrictions are to be enforced for the user request; and
a module for allowing access to the one or more relational objects based on the determined enforceable access restrictions. - View Dependent Claims (18, 19, 20)
-
Specification