SYSTEM AND METHOD FOR DYNAMIC AUTHORIZATION TO DATABASE OBJECTS
Abstract
The present invention provides a system and method that allow a user to add a parameter at the end of the GRANT statement so that multiple changes by the DBA are not required. The parameter may indicate that the user needs access for only 2 days, or needs access when a flag is set in the database. This reduces how often a DBA needs to be engaged and shortens the cycle time needed to turn a request around. An additional benefit is that the authority is removed when it should be, which also improves the business controls around the data.
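An added example, not part of the patent text: a Python sketch of the request check in claim 1, using the time-limit and flag parameters the abstract describes. The `Grant` record, the `AccessControl` class, the `flags` dictionary standing in for flag values stored in the database, and all sample names are assumptions, since the page gives no concrete syntax or data layout.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Grant:
    """One entry of the access control document (hypothetical layout)."""
    user: str
    obj: str
    privilege: str
    expires_at: Optional[datetime] = None  # time-limitation parameter
    flag: Optional[str] = None             # access-flag parameter (flag name)

class AccessControl:
    def __init__(self, flags, clock=datetime.now):
        self.grants = []
        self.flags = flags   # assumption: flag name -> bool, as read from the database
        self.clock = clock   # injectable so expiry can be tested deterministically

    def grant(self, user, obj, privilege, days=None, flag=None):
        expires = self.clock() + timedelta(days=days) if days is not None else None
        self.grants.append(Grant(user, obj, privilege, expires, flag))

    def check(self, user, obj, privilege):
        """Examine a request against the grants; default deny. Returns (allowed, reason)."""
        now = self.clock()
        reason = "no matching grant"
        for g in self.grants:
            if (g.user, g.obj, g.privilege) != (user, obj, privilege):
                continue
            # Expiry is enforced at request time, so a lapsed grant is dead
            # even if no cleanup job has removed it yet.
            if g.expires_at is not None and now >= g.expires_at:
                reason = "grant expired"
                continue
            # A missing or false flag fails closed.
            if g.flag is not None and not self.flags.get(g.flag, False):
                reason = "flag not set"
                continue
            return True, "granted"
        return False, reason

    def purge_expired(self):
        """Remove lapsed grants from the document; returns the removed entries."""
        now = self.clock()
        removed = [g for g in self.grants if g.expires_at and now >= g.expires_at]
        self.grants = [g for g in self.grants if g not in removed]
        return removed
```

Checking expiry and flag state on every request, rather than relying only on a cleanup job, is what makes the authority disappear "when it should" even if the purge never runs.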
19 Claims
1. A method for granting access to a database object in a system, the system having an access control document for the database object, the access control document having access GRANT parameters for the database object, comprising the steps of:
a. receiving an access request from a user;
b. examining the access request against the access control document and GRANT parameters;
c. determining whether the user is allowed access to the database object according to security rules, the access control document and GRANT parameters;
d. if not, rejecting the access to the database object;
e. if so, granting access to the database object.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer program product in a computer readable medium for operating in a system comprising a network I/O, a CPU, and one or more databases, for implementing a method in a system for determining whether access should be granted to a database object in a system, the system having an access control document for the database object, the access control document having access GRANT parameters for the database object, comprising the steps of:
a. receiving an access request from a user;
b. examining the access request against the access control document and GRANT parameters;
c. determining whether the user is allowed access to the database object according to security rules, the access control document and GRANT parameters;
d. if not, rejecting the access to the database object;
e. if so, granting access to the database object.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A method for granting access to a database comprising the steps of:
a. providing a grant statement capability for the database, the grant statement having a time limitation or access flag value parameter;
b. setting the parameter to a time limitation or SQL statement operator value in a first grant statement and requesting authority with the first grant statement;
c. providing access to the requesting authority for the time limitation or the operator value; and
d. removing the access to the requesting authority.
18. A system, having database objects, for determining whether access should be granted to a database object in the system, the system having an access control document for the database object, the access control document having access GRANT parameters for the database object, comprising:
a. a transmitter/receiver for receiving requests for access to data objects from users and for receiving their user IDs and for transmitting the data objects or data access rejections;
b. a parser for parsing the requests and the user IDs;
c. an examiner for examining the parsed requests and user IDs;
d. a determiner for pulling a GRANT access document and determining whether the parsed request should be granted based upon the examination of the access request and user ID against the GRANT access document; and
e. a database for storing the database object.
Dependent claims: 19
Specification