TOPOLOGICAL QUERY IN MULTI-TENANCY ENVIRONMENT
First Claim
1. A method comprising:
- accessing a topological database with multi-tenancy capability that represents an information technology environment, each node of the topological database representing a configuration item within the environment, each node being characterized by a tenant authorization rule (TAR) that indicates a list of tenants of the topological database that are authorized to access the configuration item that corresponds to that node;
obtaining an unrestricted result to an unrestricted query, the unrestricted query being representable as a sub-graph isomorphism, the unrestricted result to the unrestricted query including any groups of the nodes of the database that satisfy the sub-graph isomorphism;
applying a tenant query to the unrestricted result to obtain an authorized result, the tenant query being representable by a sub-graph isomorphism that is substantially of the same form as the sub-graph isomorphism representation of the unrestricted query, the authorized result including identification of any of the groups whose component nodes are each characterized by a TAR that authorizes access by the querying tenant; and
issuing a notification on the basis of the obtained authorized result.
8 Assignments
0 Petitions
Accused Products
Abstract
Each node of a topological database that represents an information technology environment with multi-tenancy capability represents a configuration item within the environment and is characterized by a tenant authorization rule that indicates a list of tenants that are authorized to access the corresponding configuration. An unrestricted result to an unrestricted query is obtained, the unrestricted query being representable as a sub-graph isomorphism. The unrestricted result includes groups of nodes of the database that satisfy the isomorphism. A tenant query is applied to the unrestricted result to obtain an authorized result, the tenant query being representable by the same sub-graph isomorphism as the unrestricted query. The authorized result includes identification of any of the groups whose component nodes are each characterized by a TAR that authorizes access by the querying tenant. A notification is issued to the querying tenant on the basis of the obtained authorized result.
-
Citations
15 Claims
-
1. A method comprising:
-
accessing a topological database with multi-tenancy capability that represents an information technology environment, each node of the topological database representing a configuration item within the environment, each node being characterized by a tenant authorization rule (TAR) that indicates a list of tenants of the topological database that are authorized to access the configuration item that corresponds to that node; obtaining an unrestricted result to an unrestricted query, the unrestricted query being representable as a sub-graph isomorphism, the unrestricted result to the unrestricted query including any groups of the nodes of the database that satisfy the sub-graph isomorphism; applying a tenant query to the unrestricted result to obtain an authorized result, the tenant query being representable by a sub-graph isomorphism that is substantially of the same form as the sub-graph isomorphism representation of the unrestricted query, the authorized result including identification of any of the groups whose component nodes are each characterized by a TAR that authorizes access by the querying tenant; and issuing a notification on the basis of the obtained authorized result. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer readable medium having stored thereon instructions that when executed by a processor will cause the processor to:
-
receive a tenant query to a topological database with multi-tenancy capability from a tenant of topological database, wherein each node of the topological database represents a configuration item within an information technology environment, each node being characterized by a TAR that indicates a list of those tenants that are authorized to access the configuration item that corresponds to that node, and wherein the tenant query is representable as a sub-graph isomorphism of the database; obtain an unrestricted result to an unrestricted query to the database, the sub-graph isomorphism of the unrestricted query having substantially the same form as the tenant query, the unrestricted result including any groups of the nodes of the database that satisfy the sub-graph isomorphism of the unrestricted query; apply the tenant query to the obtained unrestricted result to obtain an authorized result, the authorized result including identification of any of the groups whose component nodes are each characterized by a TAR that authorizes access by the tenant; and issue a notification on the basis of the obtained authorized result. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
Specification