Controlling access to a database using database internal and external authorization information

US 20060173810A1
Filed: 02/01/2005
Published: 08/03/2006
Est. Priority Date: 02/01/2005
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a database, comprising:

receiving, by a database component, a request to access a database, wherein said database component can access said database;

determining, based on authentication information associated with said request, whether said request can be authenticated;

determining, by said database component, whether access to said database should be granted as a database internal account which has been defined for said database, or as a database external account which has also been defined for said database, when said determining determines that said request can be authenticated;

authorizing , by said database component, access to said database based on access privilege information defined for a database internal account when said determines that access to said database should be granted as a database internal account which has been defined for said database; and

authorizing, by said database component, access to said database based on access privilege information defined for a database external account when said determines that access to said database should be granted as a database external account.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for using both database internal and database external authorization information to control access to a database are disclosed. Corporate accounts which are generally used in many corporate environments (e.g., operating system accounts) can be defined as “external” database accounts with database external authorization information that define database external access privileges for a database. The database external access-privileges are used in conjunction with a set of complementary database “internal” access privileges defined for database internal accounts. An integrated access-privilege set is generated and used as a single source to authorize access to a database regardless of whether database internal or external accounts are used to access the database. As a result, databases can be integrated with various non-database entities (e.g., corporate computing systems).

15 Citations

View as Search Results

20 Claims

1. A method for controlling access to a database, comprising:
- receiving, by a database component, a request to access a database, wherein said database component can access said database;
  
  determining, based on authentication information associated with said request, whether said request can be authenticated;
  
  determining, by said database component, whether access to said database should be granted as a database internal account which has been defined for said database, or as a database external account which has also been defined for said database, when said determining determines that said request can be authenticated;
  
  authorizing , by said database component, access to said database based on access privilege information defined for a database internal account when said determines that access to said database should be granted as a database internal account which has been defined for said database; and
  
  authorizing, by said database component, access to said database based on access privilege information defined for a database external account when said determines that access to said database should be granted as a database external account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as recited in claim 1, wherein said determining of whether access to said database should be granted as a database internal account or as a database external account, further comprises:
    - determining an integrated access-privilege set that includes authorization information for at least one database internal account and authorization information for at least one database external account.
  - 3. A method as recited in claim 1, wherein said integrated access-privilege set is an ordered list of access-privileges associated with both of said at least one database internal account and at least one database external account.
  - 4. A method as recited in claim 3, determining whether access to said database should be granted as a database internal account or as a database external account comprises:
    - determining access-privilege based on the order of access privileges in said ordered list.
  - 5. A method as recited in claim 1, further comprises:
    - authenticating said authentication information by an external database component which does not directly access said database; and
      
      receiving database external authorization information from said external database component.
  - 6. A method as recited in claim 5, wherein said authentication information includes a username and a password, and wherein said external database component is an authenticator associated with an operating system.
  - 7. A method as recited in claim 6, further comprising one or more of the following:
    - defining a set of database internal authorization information for said username and password; and
      
      storing said internal authorization information in database internal accounts for said database.
  - 8. A method as recited in claim 7, further comprising:
    - defining a set of database external authorization information for said username and password, based on one or more database external privilege-identifiers which has been defined for an operating system.
  - 9. A method as recited in claim 8, wherein said database external privilege-identifiers are one or more group names defined for said operating system, and one or more access-privileges have been associated with each one of said one or more groups and stored as database external authentication information for said database.

10. A database server component for controlling access to a database, wherein said database server component is capable of:
- receiving a request, from a database client component, to access said database;
  
  sending authentication information associated with said request to an external authenticator for authentication;
  
  determining whether said external authenticator has authenticated said authentication information;
  
  determining whether access to said database should be granted as a database internal account or as a database external account when said determining determines that said external authenticator has authenticated said authentication information;
  
  authorizing access to said database based on access privilege information defined for a database internal account when said determines that access to said database should be granted as a database internal account which has been defined for said database; and
  
  authorizing access to said database based on access privilege information defined for a database external account when said determines that access to said database should be granted as a database external account.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. A database server component as recited in claim 10, wherein said database server component comprises:
    - an authentication interface that is capable of communicating with said external authenticator, wherein said external authenticator can operate to;
      
      authenticate said authentication information; and
      
      forward database external authorization information to said authentication interface of said database server component.
  - 12. A database server component as recited in claim 11, wherein said database external authorization information includes one or more group names defined for said database system, and one or more access-privileges have been associated with each one of said one or more groups and stored as database external authentication information for said database.
  - 13. A database server component as recited in claim 11, wherein said determining of whether access to said database should be granted as a database internal account or as a database external account further comprises:
    - determining an integrated access-privilege set that includes authorization information for at least one database internal account and authorization information for at least one database external account.
  - 14. A database server component as recited in claim 12, wherein said integrated access-privilege set is an ordered list of access-privileges associated with both of said at least one database internal account and at least one database external account.
  - 15. A database server component as recited in claim 10, wherein said authentication information includes a username and a password, and wherein said external authenticator is associated with an operating system.
  - 16. A database server component as recited in claim 10, wherein said database external privilege-identifiers are one or more group names defined for said database system, and one or more access-privileges have been associated with each one of said one or more groups and stored as database external authentication information for said database.

17. A computer readable medium including computer program code for controlling access to a database, comprising:
- computer program code for receiving a request, from a database client component, to access said database;
  
  computer program code for sending authentication information associated with said request to an external authenticator for authentication;
  
  computer program code for determining whether said external authenticator has authenticated said authentication information;
  
  computer program code for determining whether access to said database should be granted as a database internal account or as a database external account when said determining determines that said external authenticator has authenticated said authentication information;
  
  computer program code for authorizing access to said database based on access privilege information defined for a database internal account when said determines that access to said database should be granted as a database internal account which has been defined for said database; and
  
  computer program code for authorizing access to said database based on access privilege information defined for a database external account when said determines that access to said database should be granted as a database external account.
- View Dependent Claims (18, 19, 20)
- - 18. A computer readable medium as recited in claim 17, further comprising:
    - computer program code for determining an integrated access-privilege set that includes authorization information for at least one database internal account and authorization information for at least one database external account.
  - 19. A computer readable medium as recited in claim 18, wherein said integrated access-privilege set is an ordered list of access-privileges associated with both of said at least one database internal account and at least one database external account.
  - 20. A computer readable medium as recited in claim 19, wherein said determining of whether access to said database should be granted as a database internal account or as a database external account comprises:
    - determining access-privilege based on the order of access privileges in said ordered list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Computer Incorporated (Apple Inc.)
Inventors
Hom, Erwin, Maeckel, Clay

Granted Patent

US 7,516,134 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

Controlling access to a database using database internal and external authorization information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to a database using database internal and external authorization information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links