SYSTEM AND METHOD FOR DYNAMIC AUTHORIZATION TO DATABASE OBJECTS

US 20080319998A1
Filed: 06/20/2007
Published: 12/25/2008
Est. Priority Date: 06/20/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for granting access to a database object in a system, the system having an access control document for the database object, the access control document having access GRANT parameters for the database object, comprising the steps of:

a. receiving an access request from a user;

b. examining the access request against the access control document and GRANT parameters;

c. determining whether the user is allowed access to the database object according to security rules, the access control document and GRANT parameters;

d. if not, rejecting the access to the database object;

e. if so, granting access to the database object.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system and method allows a user to add a parameter at the end of the GRANT statement that would not require multiple changes by the DBA. The parameter may indicate that the user only needs to have access for 2 days, or to have access when a flag is set in the database. This reduces the frequency that a DBA needs to be engaged and decreases the cycle time that is necessary to turn the request around. An additional benefit is that the authority is removed when it should be. This then also improves the business controls around the data.

Citations

19 Claims

1. A method for granting access to a database object in a system, the system having an access control document for the database object, the access control document having access GRANT parameters for the database object, comprising the steps of:
- a. receiving an access request from a user;
  
  b. examining the access request against the access control document and GRANT parameters;
  
  c. determining whether the user is allowed access to the database object according to security rules, the access control document and GRANT parameters;
  
  d. if not, rejecting the access to the database object;
  
  e. if so, granting access to the database object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further including the steps of receiving the requesting user'"'"'s ID and examining the requesting user'"'"'s ID against the access control document and GRANT parameters to determine whether the requesting user can obtain access to the database object.
  - 3. The method of claim 2 wherein the GRANT parameters include the timeframe in which the requesting user can obtain access to the database object.
  - 4. The method of claim 3 wherein the GRANT parameters include timestamps.
  - 5. The method of claim 2 wherein the GRANT parameters include the timeframe in which the requesting user cannot obtain access to the database object.
  - 6. The method of claim 5 wherein the GRANT parameters include timestamps.
  - 7. The method of claim 2 wherein the GRANT parameters are stored in a database table.
  - 8. The method of claim 1 further including the step of a database administrator changing the GRANT parameters.

9. A computer program product in a computer readable medium for operating in a system comprising a network I/O, a CPU, and one or more databases, for implementing a method in a system for determining whether access should be granted to a database object in a system, the system having an access control document for the database object, the access control document having access GRANT parameters for the database object, comprising the steps of:
- a. receiving an access request from a user;
  
  b. examining the access request against the access control document and GRANT parameters;
  
  c. determining whether the user is allowed access to the database object according to security rules, the access control document and GRANT parameters;
  
  d. if not, rejecting the access to the database object;
  
  e. if so, granting access to the database object.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9 wherein the method further includes the steps of receiving the requesting user'"'"'s ID and examining the requesting user'"'"'s ID against the access control document and GRANT parameters to determine whether the requesting user can obtain access to the database object.
  - 11. The computer program product of claim 10 wherein the GRANT parameters include the timeframe in which the requesting user can obtain access to the database object.
  - 12. The computer program product of claim 11 wherein the GRANT parameters include timestamps.
  - 13. The computer program product of claim 10 wherein the GRANT parameters include the timeframe in which the requesting user cannot obtain access to the database object.
  - 14. The computer program product of claim 10 wherein the GRANT parameters include timestamps.
  - 15. The computer program product of claim 10 wherein the GRANT parameters are stored in a database table.
  - 16. The computer program product of claim 10 wherein the method further includes the step of a database administrator changing the GRANT parameters.

17. A method for granting access to a database comprising the steps of:
- a. providing a grant statement capability for the database, the grant statement having a time limitation or access flag value parameter;
  
  b. setting the parameter to a time limitation or SQL statement operator value in a first grant statement and requesting authority with the first grant statement;
  
  c. providing access to the requesting authority for the time limitation or the operator value; and
  
  d. removing the access to the requesting authority.

18. A system, having database objects, for determining whether access should be granted to a database object in the system, the system having an access control document for the database object, the access control document having access GRANT parameters for the database object, comprising:
- a. a transmitter/receiver for receiver requests for access to data objects from users and for receiving their user IDs and for transmitting the data objects or data access rejections;
  
  b. a parser for parsing the requests and the user IDs;
  
  c. an examiner for examining the parsed requests and user IDs;
  
  d. a determiner for pulling a GRANT access document and determining whether the parsed request should be granted based upon the examination of the access request and user ID against the GRANT access document; and
  
  e. a database for storing the database object.
- View Dependent Claims (19)
- - 19. The system of claim 18 further comprising an updater to update the GRANT access document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bender, Michael

Application Number

US11/765,467
Publication Number

US 20080319998A1
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/6227 where protection concerns t...

G06F 2221/2151 Time stamp

SYSTEM AND METHOD FOR DYNAMIC AUTHORIZATION TO DATABASE OBJECTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DYNAMIC AUTHORIZATION TO DATABASE OBJECTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links