DATABASE ACCESS CONTROL
Abstract
A method for database access control includes receiving an access request from a requesting user, the access request identifying one or more data entries stored in a base table storing a plurality of data entries each associated with a data category. The identified one or more data entries from the base table are retrieved and a security table including one or more data categories that the requesting user is authorized to access is generated based on an identity of the requesting user. The data entries associated with a data category included in the security table are outputted as a result table.
20 Claims
1. A method for database access control, comprising:
  receiving an access request from a requesting user, the access request comprising user credentials identifying the requesting user and identifying requested data, the requesting user having access to one or more data categories;
  generating a security table that identifies the one or more data categories to which the requesting user has access;
  generating, based on a query of a base table that maps each of a plurality of data entries to at least one data category of the one or more data categories, a candidate data entry table that includes data entries identified by the access request and the data categories to which each included data entry is mapped within the base table;
  performing a join operation between the security table and the candidate data entry table to generate a result set, each result in the result set comprising a data entry within the candidate data entry table mapped to at least one data category included within the security table; and
  providing the generated result set to the requesting user.
Dependent claims: 2, 3, 4, 5

6. A database access control system, comprising:
  a non-transitory computer-readable memory storing executable computer instructions, the instructions comprising instructions for;
    receiving an access request from a requesting user, the access request comprising user credentials identifying the requesting user and identifying requested data, the requesting user having access to one or more data categories;
    generating a security table that identifies the one or more data categories to which the requesting user has access;
    generating, based on a query of a base table that maps each of a plurality of data entries to at least one data category of the one or more data categories, a candidate data entry table that includes data entries identified by the access request and the data categories to which each included data entry is mapped within the base table;
    performing a join operation between the security table and the candidate data entry table to generate a result set, each result in the result set comprising a data entry within the candidate data entry table mapped to at least one data category included within the security table; and
    providing the generated result set to the requesting user; and
  a processor configured to execute the computer instructions.
Dependent claims: 7, 8, 9, 10

11. A method for database access control, comprising:
  receiving an access request from a requesting user, the access request comprising user credentials identifying the requesting user and identifying requested data, the requesting user having access to one or more data categories;
  generating based on the user credentials, a security table that identifies the one or more data categories to which the requesting user has access;
  retrieving a candidate data entry table that maps data entries identified by the access request to one or more data categories, the categories including at least one category to which the user has access and at least one category to which the user does not have access;
  performing a join operation between the security table and the candidate data entry table to generate a result set, each result in the result set comprising only those data entries within the candidate data entry table that are mapped to at least one data category included within the security table to which the user has access; and
  providing the generated result set to the requesting user.
Dependent claims: 12, 13, 14, 15

16. A database access control system, comprising:
  a non-transitory computer-readable memory storing executable computer instructions, the instructions comprising instructions for;
    receiving an access request from a requesting user, the access request comprising user credentials identifying the requesting user and identifying requested data, the requesting user having access to one or more data categories;
    generating based on the user credentials, a security table that identifies the one or more data categories to which the requesting user has access;
    retrieving a candidate data entry table that maps data entries identified by the access request to one or more data categories, the categories including at least one category to which the user has access and at least one category to which the user does not have access;
    performing a join operation between the security table and the candidate data entry table to generate a result set, each result in the result set comprising only those data entries within the candidate data entry table that are mapped to at least one data category included within the security table to which the user has access; and
    providing the generated result set to the requesting user; and
  a processor configured to execute the computer instructions.
Dependent claims: 17, 18, 19, 20
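
The flow recited in the claims (a per-user security table, a candidate data entry table, and a join between them) can be sketched with SQLite as follows. This is an added example, not code from the patent: the `user_categories` entitlement table, the `fetch_authorized` function, the column names and the sample rows are assumptions, and the user is taken to be already authenticated.

```python
import sqlite3

def build_demo_db():
    """Constructed sample data; entry 2 is mapped to two categories."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE base_table (entry_id INTEGER, payload TEXT, category TEXT);
        CREATE TABLE user_categories (username TEXT, category TEXT);
        INSERT INTO base_table VALUES
            (1, 'Q3 revenue', 'finance'),
            (2, 'headcount plan', 'finance'),
            (2, 'headcount plan', 'hr'),
            (3, 'salary bands', 'hr'),
            (4, 'pentest report', 'security');
        INSERT INTO user_categories VALUES
            ('alice', 'finance'), ('bob', 'finance'), ('bob', 'hr');
    """)
    return conn

def fetch_authorized(conn, username, entry_ids):
    """Return (entry_id, payload) rows the authenticated user may read."""
    cur = conn.cursor()
    # Per-request temp tables, rebuilt on every call.
    cur.executescript("""
        DROP TABLE IF EXISTS temp.security;
        DROP TABLE IF EXISTS temp.candidate;
        CREATE TEMP TABLE security (category TEXT);
        CREATE TEMP TABLE candidate (entry_id INTEGER, payload TEXT, category TEXT);
    """)
    # Security table: categories this user is entitled to (bound parameter).
    cur.execute("INSERT INTO security "
                "SELECT category FROM user_categories WHERE username = ?",
                (username,))
    # Candidate table: requested entries with every category they map to.
    marks = ",".join("?" * len(entry_ids)) or "NULL"
    cur.execute("INSERT INTO candidate SELECT entry_id, payload, category "
                f"FROM base_table WHERE entry_id IN ({marks})", list(entry_ids))
    # Inner join drops candidates with no permitted category; DISTINCT returns
    # an entry once even when it matches through several categories.
    return cur.execute(
        "SELECT DISTINCT c.entry_id, c.payload FROM candidate c "
        "JOIN security s ON s.category = c.category "
        "ORDER BY c.entry_id").fetchall()

if __name__ == "__main__":
    db = build_demo_db()
    for user in ("alice", "bob", "mallory"):
        print(user, fetch_authorized(db, user, [1, 2, 3, 4]))
```

Because the filter is an inner join, a user with no rows in the security table gets an empty result set rather than an error or the unfiltered candidates.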
Specification