Database entitlement

US 20080052291A1
Filed: 08/22/2006
Published: 02/28/2008
Est. Priority Date: 08/22/2006
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a relational database, the method comprising:

defining and creating a plurality of entitlement tables, wherein the entitlement tables are usable by multiple relational databases;

receiving a request, from a user, for access to requested data in a relational database, wherein the user is identified by a user identifier that is set by a relational database program; and

determining if the user is authorized to access the requested data by comparing the user identifier with an entry in an entitlement table that is associated with the requested data in the relational database, wherein the entitlement table defines which data classifications are authorized to be accessed by the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer-readable medium for controlling access to a relational database is presented. The method includes: defining and creating a plurality of entitlement tables, wherein the entitlement tables are usable by multiple relational databases; receiving a request, from a user, for access to requested data in a relational database, wherein the user is identified by a user identifier that is set by a relational database program; and determining if the user is authorized to access the requested data by comparing the user identifier with an entry in an entitlement table that is associated with the requested data in the relational database, wherein the entitlement table defines which data classifications are authorized to be accessed by the user. The plurality of entitlement tables may have a priority hierarchy, wherein the priority hierarchy defines a higher priority entitlement table as being dominant to a lower priority entitlement table.

72 Citations

View as Search Results

20 Claims

1. A method for controlling access to a relational database, the method comprising:
- defining and creating a plurality of entitlement tables, wherein the entitlement tables are usable by multiple relational databases;
  
  receiving a request, from a user, for access to requested data in a relational database, wherein the user is identified by a user identifier that is set by a relational database program; and
  
  determining if the user is authorized to access the requested data by comparing the user identifier with an entry in an entitlement table that is associated with the requested data in the relational database, wherein the entitlement table defines which data classifications are authorized to be accessed by the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 18)
- - 2. The method of claim 1, wherein the plurality of entitlement tables have a priority hierarchy, wherein the priority hierarchy defines a higher priority entitlement table as being dominant to, and therefore overrides, a lower priority entitlement table.
  - 3. The method of claim 2, further comprising:
    - in response to determining an existence of a higher priority entitlement table that overrides a lower priority entitlement table, controlling access to the requested data according to entitlement criteria for the user identifier found in the higher priority entitlement table.
  - 4. The method of claim 1, wherein the relational database program is DB2.
  - 5. The method of claim 4, wherein the user identifier is a Structured Query Language (SQL) identifier that is in a header in the request for the requested data, wherein the SQL identifier was created by the DB2 relational database program for the user when the user logged into the DB2 relational database program.
  - 6. The method of claim 2, wherein at least one of the plurality of entitlement tables includes only rules for inclusion that permit a user with a specific user identifier to access the requested data, and wherein at least one of the plurality of entitlement tables includes only rules for exclusion that prohibit a user from accessing the requested data.
  - 7. The method of claim 1, wherein access to requested data is limited to a single row of data in a relational database.
  - 8. The method of claim 1, further comprising:
    - receiving, by an Assistance Allocation Manager (AAM), an Assistance Initiating Data (AID) from a resource in a data processing system; and
      
      in response to receiving the AID, executing a rule, in the AAM, that is specific for the AID and the resource that sent the AID, wherein executing the rule in the AAM causes the steps described in claim 1 to be executed for the resource that sent the AID.
  - 18. The computer-readable medium of claim 11, wherein the computer executable instructions are further configured for:
    - receiving, by an Assistance Allocation Manager (AAM), an Assistance Initiating Data (AID) from a resource in a data processing system; and
      
      in response to receiving the AID, executing a rule, in the AAM, that is specific for the AID and the resource that sent the AID, wherein executing the rule in the AAM causes the steps described in claim 1 to be executed for the resource that sent the AID.

9. A system comprising:
- a processor;
  
  a data bus coupled to the processor;
  
  a memory coupled to the data bus; and
  
  a computer-usable medium embodying computer program code, the computer program code comprising instructions executable by the processor and configured for;
  
  defining and creating a plurality of entitlement tables, wherein the entitlement tables are usable by multiple relational databases;
  
  receiving a request, from a user, for access to requested data in a relational database, wherein the user is identified by a user identifier that is set by a relational database program; and
  
  determining if the user is authorized to access the requested data by comparing the user identifier with an entry in an entitlement table that is associated with the requested data in the relational database, wherein the entitlement table defines which data classifications are authorized to be accessed by the user.
- View Dependent Claims (10)
- - 10. The system of claim 9, wherein the plurality of entitlement tables have a priority hierarchy, wherein the priority hierarchy defines a higher priority entitlement table as being dominant to, and therefore overrides, a lower priority entitlement table.

11. A computer-readable medium embodying computer program code for controlling access to a relational database, the computer program code comprising computer executable instructions configured for:
- defining and creating a plurality of entitlement tables, wherein the entitlement tables are usable by multiple relational databases;
  
  receiving a request, from a user, for access to requested data in a relational database, wherein the user is identified by a user identifier that is set by a relational database program; and
  
  determining if the user is authorized to access the requested data by comparing the user identifier with an entry in an entitlement table that is associated with the requested data in the relational database, wherein the entitlement table defines which data classifications are authorized to be accessed by the user.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 19, 20)
- - 12. The computer-readable medium of claim 11, wherein the plurality of entitlement tables have a priority hierarchy, wherein the priority hierarchy defines a higher priority entitlement table as being dominant to, and therefore overrides, a lower priority entitlement table.
  - 13. The computer-readable medium of claim 12, wherein the computer executable instructions are further configured for:
    - in response to determining an existence of a higher priority entitlement table that overrides a lower priority entitlement table, controlling access to the requested data according to entitlement criteria for the user identifier found in the higher priority entitlement table.
  - 14. The computer-readable medium of claim 11, wherein the relational database program is DB2.
  - 15. The computer-readable medium of claim 14, wherein the user identifier is a Structured Query Language (SQL) identifier that is in a header in the request for the requested data, wherein the SQL identifier was created by the DB2 relational database program for the user when the user logged into the DB2 relational database program.
  - 16. The computer-readable medium of claim 12, wherein at least one of the plurality of entitlement tables includes only rules for inclusion that permit a user with a specific user identifier to access the requested data, and wherein at least one of the plurality of entitlement tables includes only rules for exclusion that prohibit a user from accessing the requested data.
  - 17. The computer-readable medium of claim 11, wherein access to requested data is limited to a single row of data in a relational database.
  - 19. The computer-readable medium of claim 11, wherein the computer executable instructions are deployable to a client computer from a download server that is at a remote location.
  - 20. The computer-readable medium of claim 11, wherein the computer executable instructions are provided by a download service provider to a client computer on an on-demand basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bender, Michael

Granted Patent

US 8,676,845 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/6227 where protection concerns t...

Database entitlement

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

72 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Database entitlement

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links