Instance-based authorization utilizing query augmentation

US 20080133530A1
Filed: 12/01/2006
Published: 06/05/2008
Est. Priority Date: 12/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method for persistent data authorization, comprising:

receiving a query at a management device;

identifying authorization constraints at the management device utilizing an authorization model, wherein the authorization model comprises at least one group hierarchy defining authorization based on a relationship between levels in said hierarchy;

modifying said query based on said authorization constraints;

sending said modified query to a database; and

receiving data in response to said modified query, the received data configured for transmission from the management device without further filtering;

wherein the query received at the management device and the modified query are both configured for communication directly with the database with no modification to the database required for the modified query.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method for persistent data authorization includes receiving a query at a management device and identifying authorization constraints at the management device utilizing an authorization model. The authorization model includes at least one group hierarchy defining authorization based on a relationship between levels in the hierarchy. The query is modified based on the authorization constraints and the modified query is sent to the database. Data is received in response to the modified query and is configured for transmission from the management device without further filtering. The query received at the management device and the modified query are both configured for communication directly with the database with no modification to the database required for the modified query. A system and apparatus for persistent data authorization are also disclosed.

30 Citations

View as Search Results

15 Claims

1. A method for persistent data authorization, comprising:
- receiving a query at a management device;
  
  identifying authorization constraints at the management device utilizing an authorization model, wherein the authorization model comprises at least one group hierarchy defining authorization based on a relationship between levels in said hierarchy;
  
  modifying said query based on said authorization constraints;
  
  sending said modified query to a database; and
  
  receiving data in response to said modified query, the received data configured for transmission from the management device without further filtering;
  
  wherein the query received at the management device and the modified query are both configured for communication directly with the database with no modification to the database required for the modified query.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising parsing said query statement and searching for a target instance in said authorization model.
  - 3. The method of claim 1 further comprising retrieving user groups to which a user submitting said query belongs.
  - 4. The method of claim 1 wherein said group hierarchy levels correspond to component type of a network device.
  - 5. The method of claim 4 wherein said component types comprise a chassis at a top level, cards at a middle level, and ports at a bottom level of said hierarchy.

6. An apparatus for persistent data authorization, comprising:
- a processor configured for receiving a query, identifying authorization constraints, modifying said query based on said authorization constraints, sending said modified query to a database, and receiving data in response to said modified query, the received data configured for transmission without further filtering; and
  
  memory for storing an authorization model used to identify said authorization constraints and comprising at least one group hierarchy defining authorization based on a relationship between levels in said hierarchy;
  
  wherein said query and said modified query are both configured for communication directly with the database with no modification to the database required for the modified query.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus of claim 6 wherein the processor is configured for parsing said query statement and searching for a target instance in said authorization model.
  - 8. The apparatus of claim 6 wherein the processor is configured for retrieving user groups to which a user submitting said query belongs.
  - 9. The apparatus of claim 6 wherein said group hierarchy levels correspond to component type of a network device.
  - 10. The apparatus of claim 9 wherein said component types comprise a chassis at a top level, cards at a middle level, and ports at a bottom level of said hierarchy.

11. A system for persistent data authorization, comprising:
- means for receiving a query at a management device;
  
  means for identifying authorization constraints at the management device utilizing an authorization model, wherein the authorization model comprises at least one group hierarchy defining authorization based on a relationship between levels in said hierarchy;
  
  means for modifying said query based on said authorization constraints;
  
  means for sending said modified query to a database; and
  
  means for receiving data in response to said modified query, the received data configured for transmission from the management device without further filtering;
  
  wherein the query received at the management device and the modified query are both configured for communication directly with the database with no modification to the database required for the modified query.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11 further comprising means for parsing said query statement and searching for a target instance in said authorization model.
  - 13. The system of claim 11 further comprising means for retrieving user groups to which a user submitting said query belongs.
  - 14. The system of claim 11 wherein said group hierarchy levels correspond to component type of a network device.
  - 15. The system of claim 14 wherein said component types comprise a chassis at a top level, cards at a middle level, and ports at a bottom level of said hierarchy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Wang, Alex, Sadjadi, Shahrokh

Granted Patent

US 7,483,889 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2145   Inheriting rights or proper...

Instance-based authorization utilizing query augmentation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Instance-based authorization utilizing query augmentation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links