IMPLEMENTING ACCESS CONTROL FOR QUERIES TO A CONTENT MANAGEMENT SYSTEM
First Claim
1. A computer program product having instruction codes stored on a computer-useable medium for implementing access control for a query to a content management system that includes a content management server, the computer program product comprising:
a set of instruction codes executed at a user processor for transmitting the query to the content management server;
wherein the user processor is remotely located relative to the content management server to prevent user access to the content management server and to prevent the bypass of the security of the content management server;
a set of instruction codes executed at the content management server, for parsing the query into a plurality of portions;
a set of instruction codes executed at the content management server, for creating an access control logic string for the query according to an access control privilege information of the user, wherein the access control logic string is query language that prohibits an unauthorized user from accessing restricted data;
a set of instruction codes executed at the content management server, for inserting the access control logic string in each portion of the query that has been parsed to generate a dynamic query, wherein the dynamic query is a result of adding the access control logic string to each of the plurality of portions of the query; and
a set of instruction codes for executing the dynamic query; and
a set of instruction codes for generating a secure query result.
Abstract
A system generates an SQL sub-expression that implements access control rules stored in a library server. The SQL sub-expression is then merged with the SQL passed from an application program interface (API). The access control checking mechanism is implemented on the server side of the content management system. In this client/server environment, the query SQL statement is built in two layers: the API (client) layer and the server layer. The API sends the query string to the underlying stored procedure. The stored procedure then generates the access control logic based on the configuration parameters of the library server. This access control logic is dynamically added to the query string sent by the API. The stored procedure prepares, builds and executes this new query string as a dynamic SQL statement.
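The server-side rewrite described in the abstract and in claim 1 (parse the query into portions, add the access control logic to each portion, execute the dynamic query) can be sketched as follows. This is an added example, not code from the patent: SQLite stands in for the library server's stored procedure, and the table names `items` and `acl_grants`, the `acl` column, and all function names are hypothetical. It assumes flat `SELECT` statements joined by `UNION` with no `GROUP BY` or `ORDER BY` clauses and no bind parameters of their own.

```python
import re
import sqlite3

# Access control logic string; the user id is bound as a parameter, never concatenated.
ACL_LOGIC = "acl IN (SELECT acl FROM acl_grants WHERE user_id = ?)"

def make_library():
    """Constructed sample data: items tagged with an ACL code, plus per-user grants."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items(id INTEGER, title TEXT, kind TEXT, acl INTEGER);
        CREATE TABLE acl_grants(user_id TEXT, acl INTEGER);
        INSERT INTO items VALUES (1,'Public memo','doc',10), (2,'Payroll','doc',20),
                                 (3,'Logo','image',10), (4,'Badge photo','image',20);
        INSERT INTO acl_grants VALUES ('alice',10), ('alice',20), ('bob',10);
    """)
    return db

def build_dynamic_query(api_query, user_id):
    """Parse the API query into UNION portions and add the ACL logic to each one."""
    # A trailing comment or a second statement could detach the appended ACL test.
    if re.search(r"--|/\*|;", api_query):
        raise ValueError("comment or statement separator not allowed in API query")
    guarded = []
    for portion in re.split(r"\s+UNION\s+", api_query.strip(), flags=re.I):
        parts = re.split(r"\s+WHERE\s+", portion, maxsplit=1, flags=re.I)
        if len(parts) == 2:
            # Parenthesise the caller's predicate so an OR cannot outrank the ACL test.
            guarded.append(f"{parts[0]} WHERE ({parts[1]}) AND {ACL_LOGIC}")
        else:
            guarded.append(f"{portion} WHERE {ACL_LOGIC}")
    return " UNION ".join(guarded), [user_id] * len(guarded)

def secure_query(db, api_query, user_id):
    """Server-side entry point: build the dynamic query, execute it, return titles."""
    sql, params = build_dynamic_query(api_query, user_id)
    return sorted(row[0] for row in db.execute(sql, params))

if __name__ == "__main__":
    db = make_library()
    q = ("SELECT title FROM items WHERE kind = 'doc' OR kind = 'note' "
         "UNION SELECT title FROM items WHERE kind = 'image'")
    print("bob:  ", secure_query(db, q, "bob"))
    print("alice:", secure_query(db, q, "alice"))
```

A production rewriter would work on a real SQL parse tree rather than regular expressions, since subqueries and string literals defeat keyword splitting.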
6 Claims
3. A processor-implemented system for implementing access control for a query to a content management system that includes a content management server, the system comprising:
means for transmitting the query to the content management server from a user processor;
wherein the user processor is remotely located relative to the content management server to prevent user access to the content management server, to prevent the bypass of the security of the content management server;
means for parsing the query into a plurality of portions at the content management server;
means for creating an access control logic string for the query at the content management server according to an access control privilege information of the user, wherein the access control logic string is query language that prohibits an unauthorized user from accessing restricted data; and
means for inserting the access control logic string in each portion of the query string that has been parsed at the content management server to generate a dynamic query, wherein the dynamic query is a result of adding the access control logic string to each of the plurality of portions of the query;
means for executing the dynamic query; and
means for generating a secure query result.
5. A content management system, comprising:
a library server containing a user metadata and a system metadata describing a primary content in a resource manager coupled to the library server, the library server comprising;
an access control logic generator, the access control logic generator inserting access control throughout a first query to prevent access to both the primary content and the user and system metadata describing the primary content from unauthorized users;
a query processor that receives a plurality of queries in a first format from a client computer and translates a plurality of queries into a second format usable by the library server; and
an application program interface, the application program interface coupled between the library server and the resource manager, wherein data is transferred between the library server and the resource manager via the application program interface.
6. The content management system of claim 10 wherein a client computer having a client application is coupled to the content management system via the application program interface.
Specification