DATA ACCESS RULES IN A DATABASE LAYER
First Claim
1. A system comprising:
- one or more hardware processors,at least one database; and
a data access module implemented by the one or more hardware processors and configured to;
receive a query from a user of an application to access a dataset from the database;
identify at least one data access rule that is applicable to the dataset, the at least one data access rule specifying at least one authorized access group;
identify an authorized access group associated with the user; and
based on a comparison between the authorized access group associated with the user and each of the at least one authorized access group;
assembling a modified dataset based on the dataset and the at least one data access rule; and
transmitting the modified dataset to the application.
1 Assignment
0 Petitions
Accused Products
Abstract
The user of an application may query a data storage system with a request to access a dataset from a database of the system. The system identifies at least one data access rule that is applicable to the dataset, with the at least one data access rule specifying at least one user group authorized to access a restricted portion of the dataset. The system identifies an authorized access group associated with the application user and compares it to the at least one user group authorized to access the restricted portion of the dataset. If the authorized access group associated with the user does not match one of the at least one user group authorized to access the restricted portion of the dataset, the system assembles a modified dataset based on the dataset and the at least one data access rule and transmits the modified dataset to the application.
77 Citations
20 Claims
-
1. A system comprising:
-
one or more hardware processors, at least one database; and a data access module implemented by the one or more hardware processors and configured to; receive a query from a user of an application to access a dataset from the database; identify at least one data access rule that is applicable to the dataset, the at least one data access rule specifying at least one authorized access group; identify an authorized access group associated with the user; and based on a comparison between the authorized access group associated with the user and each of the at least one authorized access group; assembling a modified dataset based on the dataset and the at least one data access rule; and transmitting the modified dataset to the application. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method comprising:
-
receiving a query from a user of an application to access a dataset from at least one database; identifying, using one or more hardware processors, at least one data access rule that is applicable to the dataset, the at least one data access rule specifying at least one authorized access group; identifying an authorized access group associated with the user; and based on a comparison between the authorized access group associated with the user and each of the at least one authorized access group; assembling a modified dataset based on the dataset and the at least one data access rule; and transmitting the modified dataset to the application. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory machine-readable storage medium storing instructions which, when executed by one or more hardware processors of a machine, cause the machine to perform operations comprising:
-
receiving a query from a user of an application to access a dataset from at least one database; identifying at least one data access rule that is applicable to the dataset, the at least one data access rule specifying at least one authorized access group; identifying an authorized access group associated with the user; and based on a comparison between the authorized access group associated with the user and each of the at least one authorized access group; assembling a modified dataset based on the dataset and the at least one data access rule; and transmitting the modified dataset to the application. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification