Instance-based authorization utilizing query augmentation
First Claim
1. A method for persistent data authorization, comprising:
- receiving a query at a management device;
identifying authorization constraints at the management device utilizing an authorization model, wherein the authorization model comprises at least one group hierarchy defining authorization based on a relationship between levels in said hierarchy;
modifying said query based on said authorization constraints;
sending said modified query to a database; and
receiving data in response to said modified query, the received data configured for transmission from the management device without further filtering;
wherein the query received at the management device and the modified query are both configured for communication directly with the database with no modification to the database required for the modified query.
1 Assignment
0 Petitions
Accused Products
Abstract
In one embodiment, a method for persistent data authorization includes receiving a query at a management device and identifying authorization constraints at the management device utilizing an authorization model. The authorization model includes at least one group hierarchy defining authorization based on a relationship between levels in the hierarchy. The query is modified based on the authorization constraints and the modified query is sent to the database. Data is received in response to the modified query and is configured for transmission from the management device without further filtering. The query received at the management device and the modified query are both configured for communication directly with the database with no modification to the database required for the modified query. A system and apparatus for persistent data authorization are also disclosed.
30 Citations
15 Claims
-
1. A method for persistent data authorization, comprising:
-
receiving a query at a management device; identifying authorization constraints at the management device utilizing an authorization model, wherein the authorization model comprises at least one group hierarchy defining authorization based on a relationship between levels in said hierarchy; modifying said query based on said authorization constraints; sending said modified query to a database; and receiving data in response to said modified query, the received data configured for transmission from the management device without further filtering; wherein the query received at the management device and the modified query are both configured for communication directly with the database with no modification to the database required for the modified query. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An apparatus for persistent data authorization, comprising:
-
a processor configured for receiving a query, identifying authorization constraints, modifying said query based on said authorization constraints, sending said modified query to a database, and receiving data in response to said modified query, the received data configured for transmission without further filtering; and memory for storing an authorization model used to identify said authorization constraints and comprising at least one group hierarchy defining authorization based on a relationship between levels in said hierarchy; wherein said query and said modified query are both configured for communication directly with the database with no modification to the database required for the modified query. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A system for persistent data authorization, comprising:
-
means for receiving a query at a management device; means for identifying authorization constraints at the management device utilizing an authorization model, wherein the authorization model comprises at least one group hierarchy defining authorization based on a relationship between levels in said hierarchy; means for modifying said query based on said authorization constraints; means for sending said modified query to a database; and means for receiving data in response to said modified query, the received data configured for transmission from the management device without further filtering; wherein the query received at the management device and the modified query are both configured for communication directly with the database with no modification to the database required for the modified query. - View Dependent Claims (12, 13, 14, 15)
-
Specification