DECLARATIVE ATTRIBUTE SECURITY USING CUSTOM PROPERTIES

US 20110191751A1
Filed: 03/11/2010
Published: 08/04/2011
Est. Priority Date: 02/03/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implement method for developing applications that provide data security, the method comprising:

receiving, at a computer system, information specifying a view object as a component of an application development framework, the view object defining how to obtain data corresponding to business objects stored in a datasource for use by an application created by the application development framework, the view object having at least one attribute corresponding to an attribute of the business objects stored in the datasource;

receiving, at the computer system, information defining a custom property of the at least one attribute of the view object, the custom property configured to enable attribute-based security for the attribute of the business objects stored in the datasource;

receiving, at the computer system, a value for the custom property of the at least one attribute of the view object, the value indicative of one or more security privileges for the attribute of the business objects stored in the datasource; and

generating, with a processor of the computer system, a definition for the view object such that instances of the view object instantiated from the definition, based on a determination that the one or more security privileges specified in the custom property for the at least one attribute of the view object are not satisfied, cache a portion of the data corresponding to the business objects stored in the datasource that excludes data corresponding to the attribute of the business objects.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, application development tools can allow developers to control whether or not an attribute of a view object is displayed by declaratively associating a data security privilege with the attribute. Associating a data security privilege with the attribute can be done by adding a specially named custom property on the view object attribute. Modifications to a base class can provide any necessary support to retrieve the privilege and determine whether a current user is allowed to view the attribute for the current record/row. If the user is authorized to view the attribute for the current record/row, then the attribute value is returned and displayed. Otherwise, redacting information, such as “*****” can be returned and displayed.

Citations

22 Claims

1. A computer-implement method for developing applications that provide data security, the method comprising:
- receiving, at a computer system, information specifying a view object as a component of an application development framework, the view object defining how to obtain data corresponding to business objects stored in a datasource for use by an application created by the application development framework, the view object having at least one attribute corresponding to an attribute of the business objects stored in the datasource;
  
  receiving, at the computer system, information defining a custom property of the at least one attribute of the view object, the custom property configured to enable attribute-based security for the attribute of the business objects stored in the datasource;
  
  receiving, at the computer system, a value for the custom property of the at least one attribute of the view object, the value indicative of one or more security privileges for the attribute of the business objects stored in the datasource; and
  
  generating, with a processor of the computer system, a definition for the view object such that instances of the view object instantiated from the definition, based on a determination that the one or more security privileges specified in the custom property for the at least one attribute of the view object are not satisfied, cache a portion of the data corresponding to the business objects stored in the datasource that excludes data corresponding to the attribute of the business objects.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein receiving, at the computer system, the information defining the custom property of the at least one attribute of the view object comprises receiving information defining the custom property with a predetermined named property designated by the application development framework for attribute-based security.
  - 3. The method of claim 1 wherein receiving, at the computer system, the information defining the custom property of the at least one attribute of the view object comprises receiving the information as input from a user interacting with one or more graphical user interfaces associated with the application development framework, the one or more graphical user interfaces configured to enable users to define custom properties for attributes of view object.
  - 4. The method of claim 1 further comprising:
    - receiving, at the computer system, information defining a custom property of the view object, the custom property of the view object configured to enable data security for the business objects stored in the datasource.
  - 5. The method of claim 1 wherein generating, with the processor of the computer system, the definition for the view object comprises generating an eXtensible Markup Language (XML) file definition for the view object.
  - 6. A system for developing applications that provide data security, the system comprising one or more computers systems each configured to implement at least one or all of the steps of the method of claim 1.

7. A computer-readable storage medium storing computer-executable code for developing applications that provide data security, the computer-readable storage medium comprising:
- code for receiving information specifying a view object as a component of an application development framework, the view object defining how to obtain data corresponding to business objects stored in a datasource for use by an application created by the application development framework, the view object having at least one attribute corresponding to an attribute of the business objects stored in the datasource;
  
  code for receiving information defining a custom property of the at least one attribute of the view object, the custom property configured to enable attribute-based security for the attribute of the business objects stored in the datasource;
  
  code for receiving a value for the custom property of the at least one attribute of the view object, the value indicative of one or more security privileges for the attribute of the business objects stored in the datasource; and
  
  code for generating a definition for the view object such that instances of the view object instantiated from the definition, based on a determination that the one or more security privileges specified in the custom property for the at least one attribute of the view object are not satisfied, cache a portion of the data corresponding to the business objects stored in the datasource that excludes data corresponding to the attribute of the business objects.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The computer-readable storage medium of claim 7 wherein the code for receiving the information defining the custom property of the at least one attribute of the view object comprises code for receiving information defining the custom property with a predetermined named property designated by the application development framework for attribute-based security.
  - 9. The computer-readable storage medium of claim 7 wherein the code for receiving the information defining the custom property of the at least one attribute of the view object comprises code for receiving the information as input from a user interacting with one or more graphical user interfaces associated with the application development framework, the one or more graphical user interfaces configured to enable users to define custom properties for attributes of view object.
  - 10. The computer-readable storage medium of claim 7 further comprising:
    - code for receiving information defining a custom property of the view object, the custom property of the view object configured to enable data security for the business objects stored in the datasource.
  - 11. The computer-readable storage medium of claim 7 wherein the code for generating the definition for the view object comprises code for generating an eXtensible Markup Language (XML) file definition for the view object.

12. A computer-implemented for implementing attribute security, the method comprising:
- identifying, with a processor associated with a computer system, a view object associated with a user interface environment, the view object defining how to obtain for the user interface environment data corresponding to business objects stored in a first datasource;
  
  identifying, with the processor associated with the computer system, an attribute of the view object corresponding to an attribute of the business objects stored in the first datasource, the attribute of the view object having a custom property enabling attribute-based security for the attribute of the business objects stored in the first datasource;
  
  determining, with the processor associated with the computer system, a value for the custom property enabling attribute-based security for the attribute of the business objects stored in the first datasource, the value indicative of one or more security privileges for the attribute of the business objects stored in the first datasource;
  
  determining, with the processor associated with the computer system, whether the one or more security privileges specified in the custom property for the attribute of the view object are satisfied; and
  
  based on a determination that the one or more security privileges specified in the custom property for the attribute of the view object are not satisfied, caching in a second datasource a portion of the data corresponding to the business objects stored in the first datasource that excludes data corresponding to the attribute of the business objects.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12 further comprising:
    - based on a determination that the one or more security privileges specified in the custom property for the attribute of the view object are satisfied, caching in the second datasource a portion of the data corresponding to the business objects stored in the first datasource that includes data corresponding to the attribute of the business objects.
  - 14. The method of claim 12 further comprising:
    - presenting, with the processor associated with the computer system, the cached portion to the user interface environment based on the view object, the view object defining how to present for the user interface environment the data corresponding to the business objects stored in the first datasource.
  - 15. The method of claim 14 wherein presenting the cached portion to the user interface environment comprises generating information causing the user interface environment to display the second data with a visual indication that the one or more security privileges specified in the custom property for the attribute of the view object have not been satisfied.
  - 16. The method of claim 14 wherein presenting the cached portion to the user interface environment comprises generating information causing the user interface environment to display the second data with a series of asterisks in place of the data corresponding to the attribute of the business objects.
  - 17. A system for implementing attribute security, the system comprising one or more computers systems each configured to implement at least one or all of the steps of the method of claim 12.

18. A computer-readable storage medium storing computer-executable code for implementing attribute security, the computer-readable storage medium comprising:
- code for identifying a view object associated with a user interface environment, the view object defining how to obtain for the user interface environment data corresponding to business objects stored in a first datasource;
  
  code for identifying an attribute of the view object corresponding to an attribute of the business objects stored in the first datasource, the attribute of the view object having a custom property enabling attribute-based security for the attribute of the business objects stored in the first datasource;
  
  code for determining a value for the custom property enabling attribute-based security for the attribute of the business objects stored in the first datasource, the value indicative of one or more security privileges for the attribute of the business objects stored in the first datasource;
  
  code for determining whether the one or more security privileges specified in the custom property for the attribute of the view object are satisfied; and
  
  code for, based on a determination that the one or more security privileges specified in the custom property for the attribute of the view object are not satisfied, caching in a second datasource a portion of the data corresponding to the business objects stored in the first datasource that excludes data corresponding to the attribute of the business objects.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The computer-readable storage medium of claim 18 further comprising:
    - code for, based on a determination that the one or more security privileges specified in the custom property for the attribute of the view object are satisfied, caching in the second datasource a portion of the data corresponding to the business objects stored in the first datasource that includes data corresponding to the attribute of the business objects.
  - 20. The computer-readable storage medium of claim 18 further comprising:
    - code for presenting the cached portion to the user interface environment based on the view object, the view object defining how to present for the user interface environment the data corresponding to the business objects stored in the first datasource.
  - 21. The computer-readable storage medium of claim 20 wherein the code for presenting the cached portion to the user interface environment comprises code for generating information causing the user interface environment to display the second data with a visual indication that the one or more security privileges specified in the custom property for the attribute of the view object have not been satisfied.
  - 22. The computer-readable storage medium of claim 20 wherein the code for presenting the cached portion to the user interface environment comprises code for generating information causing the user interface environment to display the second data with a series of asterisks in place of the data corresponding to the attribute of the business objects.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sanghal, Nischal, Munday, Terence

Granted Patent

US 9,753,737 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/108
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 9/44 Arrangements for executing ...

DECLARATIVE ATTRIBUTE SECURITY USING CUSTOM PROPERTIES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

DECLARATIVE ATTRIBUTE SECURITY USING CUSTOM PROPERTIES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links