Restricting access to data based on data source rewriting

US 20070038596A1
Filed: 08/15/2005
Published: 02/15/2007
Est. Priority Date: 08/15/2005
Status: Abandoned Application

First Claim

Patent Images

1. A data accessing system, comprising:

a data source processing component configured to receive information indicative of a characteristic of a requester requesting data, and to re-write a data source identified in an input query from the requester to restrict the data source, available through the query, based on the characteristic of the requester.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data access is controlled by re-writing a data source, identified in an input query. The re-writing can be, for example, to a view or subquery or another data source, based on a variety of different criteria such as identity, role, group or other criteria.

Citations

20 Claims

1. A data accessing system, comprising:
- a data source processing component configured to receive information indicative of a characteristic of a requester requesting data, and to re-write a data source identified in an input query from the requester to restrict the data source, available through the query, based on the characteristic of the requester.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The data accessing system of claim 1 wherein the information indicative of a characteristic of the requester comprises identity information indicative of an identity of the requester and wherein the data source processing component is configured to re-write the source in the input query based on the identity of the requester.
  - 3. The data accessing system of claim 1 wherein the information indicative of a characteristic of the requester comprises role information indicative of a role of the requester and wherein the data source processing component is configured to re-write the source in the input query based on the role of the requester.
  - 4. The data accessing system of claim 1 wherein the information indicative of a characteristic of the requester comprises group information indicative of a group to which the requester belongs and wherein the data source processing component is configured to re-write the source in the input query based on the group.
  - 5. The data accessing system of claim 1 wherein the information indicative of a characteristic of the requester comprises requester device information indicative of a characteristic of the device used by the requester and wherein the data source processing component is configured to re-write the source in the input query based on the characteristic of the device.
  - 6. The data accessing system of claim 1 wherein the data source processing component is configured to re-write the data source to restrict the source to enforce security permissions to access the data.
  - 7. The data accessing system of claim 1 wherein the data source comprises a relational data store in which data is stored in rows and columns in tables and wherein the data source processing component is configured to perform row-wise restriction of the data source.
  - 8. The data accessing system of claim 1 wherein the data source comprises a relational data store in which data is stored in rows and columns in tables and wherein the data source processing component is configured to perform column-wise restriction of the data source.
  - 9. The data accessing system of claim 1 wherein the data source comprises a relational data store in which data is stored in rows and columns in tables and wherein the data source processing component is configured to direct the query to a set of tables based on the characteristic of the requester.
  - 10. The data accessing system of claim 1 wherein the data source processing component is configured to re-write the data source to a subquery.
  - 11. The data accessing system of claim 1 wherein the data source processing component is configured to resolve the data source to a view mapped to the characteristic of the requester.
  - 12. The data accessing system of claim 2 wherein the data source processsing component is configured to determine the identity information.
  - 13. The data accessing system of claim 2 wherein the data source processing component is configured to receive the identity information from another component.
  - 14. The data accessing system of claim 1 and further comprising:
    - a query transforming component configured to translate the query from an object-based query to a relational database query.
  - 15. The data accessing component of claim 14 wherein the data source processing component is separate from the query transforming component and interchangeable with other data source processing components in connection with the query transforming component.
  - 16. The data accessing component of claim 14 wherein the data source processing component is integral with the query transforming component.
  - 17. The data accessing component of claim 14 wherein the query transforming component and the data source processing component interact to recursively resolve the data source.
  - 18. The data accessing component of claim 1 wherein the data source processing component further comprises a data source resolution component that resolves the data source.

19. A method of controlling access to data in a data store, comprising:
- receiving a query, identifying a data source, for data from a requester;
  
  obtaining identity information corresponding to the requester;
  
  re-writing the data source in the query based on the identity information; and
  
  executing the query, with the re-written data source, against the data store.
- View Dependent Claims (20)
- - 20. The method of claim 19 wherein re-writing the data source comprises:
    - resolving the data source to a view of the data allowed based on the identity information, or to a subquery within the query.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Anonsen, Steven, Pizzo, Michael, Swan, Dempsey, Uhlar, Michael

Application Number

US11/203,922
Publication Number

US 20070038596A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/2452 Query translation

G06F 21/6227 where protection concerns t...

Restricting access to data based on data source rewriting

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Restricting access to data based on data source rewriting

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links