DATABASE ACCESS CONTROL FOR MULTI-TIER PROCESSING
Abstract
Embodiments of the disclosure can include a method, a system, and a computer program product for controlling access to a database server in a multi-tiered processing system. The method can include receiving an application request having an identification parameter to an application server at an application layer. The method can also include querying a database objects map that maps the application request to a database object and a database operation in a database layer. The method can also include accessing one or more database access security rules for the identification parameter that specify a security action based on the database object and the database operation. The method can also include comparing the database object and database operation determined from the application request with the database object and database operation from the one or more security rules.
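The check described in the abstract can be sketched as follows. This is an added example, not code from the patent: the request names, tables, users and action names are constructed, and "substantially similar" is modelled as a case-insensitive match with an optional "*" wildcard. The fail-closed and default-allow choices are likewise assumptions.

```python
from dataclasses import dataclass

# Database objects map: application request -> (database object, database operation).
# All request names, tables, users and actions below are constructed for illustration.
DB_OBJECTS_MAP = {
    "GET /payroll/report": ("PAYROLL", "SELECT"),
    "POST /payroll/adjust": ("PAYROLL", "UPDATE"),
    "GET /catalog": ("PRODUCTS", "SELECT"),
}

@dataclass(frozen=True)
class Rule:
    db_object: str
    db_operation: str
    action: str  # hypothetical action names: "block", "alert"

# Security rules keyed by the identification parameter (here, an end-user id).
RULES = {
    "alice": [Rule("PAYROLL", "UPDATE", "block")],
    "bob": [Rule("PAYROLL", "*", "block"), Rule("PRODUCTS", "SELECT", "alert")],
}

def _similar(rule_value, value):
    # Assumption: "substantially similar" is modelled as a case-insensitive
    # match, with "*" in a rule matching any value.
    return rule_value == "*" or rule_value.upper() == value.upper()

def check_request(identity, request):
    """Return the security action for a request, decided at the application layer."""
    target = DB_OBJECTS_MAP.get(request)
    if target is None:
        return "block"  # assumption: fail closed on requests missing from the map
    db_object, db_operation = target
    for rule in RULES.get(identity, []):
        if _similar(rule.db_object, db_object) and _similar(rule.db_operation, db_operation):
            return rule.action
    return "allow"  # assumption: no matching rule means the request proceeds

if __name__ == "__main__":
    for who, req in [("alice", "POST /payroll/adjust"), ("bob", "GET /catalog")]:
        print(who, req, "->", check_request(who, req))
```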
20 Claims
1. A method comprising:
- receiving an application request having an identification parameter to an application server at an application layer;
- querying, at the application layer, a database objects map that maps the application request to a database object and a database operation in a database layer;
- determining the database object and the database operation for the application request from the database objects map;
- accessing one or more database access security rules for the identification parameter that specify a security action based on a security rule database object and a security rule database operation;
- comparing the database object and database operation determined from the application request with the database object and database operation from the one or more security rules; and
- performing the security action in response to the database object and database operation determined from the application request being substantially similar to the security rule database object and security rule database operation from the one or more security rules.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising:
- an application server that is configured to receive an application request from an identification parameter using a front-end application;
- a database access security rule repository containing one or more security rules for the identification parameter that specifies a security action based on a security rule database object and a security rule database operation;
- a database objects map containing one or more application requests mapped to a database object and a database operation; and
- a front-end access control system configured to:
  - receive, at an application layer, the application request having the identification parameter,
  - query the database objects map,
  - determine the database object and the database operation for the application request from the query,
  - access one or more database access security rules for the identification parameter,
  - compare the database object and database operation determined from the application request with the security rule database object and the security rule database operation from the one or more security rules; and
  - perform the security action in response to the database object and database operation determined from the application request being substantially similar to the security rule database object and the security rule database operation from the one or more security rules.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer program product for managing access to a database server, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code comprising computer readable program code configured to:
- receive an application request having an identification parameter to an application server at an application layer;
- query, at the application layer, a database objects map that maps the application request to a database object and a database operation in a database layer;
- determine the database object and the database operation for the application request from the database objects map;
- access one or more database access security rules for the identification parameter that specify a security action based on a security rule database object and a security rule database operation;
- compare the database object and database operation determined from the application request with the security rule database object and the security rule database operation from the one or more security rules; and
- perform the security action in response to the database object and database operation determined from the application request being substantially similar to the security rule database object and the security rule database operation from the one or more security rules.
Dependent claims: 18, 19, 20
Specification