ROW LEVEL SECURITY INTEGRATION OF ANALYTICAL DATA STORE WITH CLOUD ARCHITECTURE
Abstract
A predicate-based row level security system is used when workers build or split an analytical data store. According to one implementation, predicate-based means that security requirements of source transactional systems can be used as predicates to a rule base that generates one or more security tokens, which are associated with each row as attributes of a dimension. Similarly, when an analytic data store is to be split, attributes of the build job, user and session can be used to generate complementary security tokens that are compared to security tokens of selected rows. Efficient indexing of the security tokens dimension keeps it inexpensive to qualify row retrieval based on security criteria.
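The token flow the abstract describes, as an added sketch that is not taken from the patent: rules over source-row attributes emit tokens at build time, complementary rules over session attributes emit query tokens at split time, and an index on the token dimension selects the matching rows. The column names, rules and token strings are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed source rows; "owner" and "region" stand in for security
# attributes carried over from the transactional system (assumed names).
ROWS = [
    {"id": 1, "owner": "alice", "region": "EMEA", "amount": 120},
    {"id": 2, "owner": "bob", "region": "EMEA", "amount": 75},
    {"id": 3, "owner": "carol", "region": "APAC", "amount": 310},
    {"id": 4, "owner": "alice", "region": "APAC", "amount": 42},
]

# Hypothetical rule base: (predicate, token generator) pairs applied per row.
ROW_RULES = [
    (lambda r: True, lambda r: f"owner:{r['owner']}"),
    # Only rows under 200 are shared region-wide; larger ones stay owner-only.
    (lambda r: r["amount"] < 200, lambda r: f"region:{r['region']}"),
]

# Hypothetical translation rules: session attributes -> complementary tokens.
QUERY_RULES = [
    (lambda s: "user" in s, lambda s: f"owner:{s['user']}"),
    (lambda s: s.get("role") == "regional_manager",
     lambda s: f"region:{s['region']}"),
]

def tokens_for(subject, rules):
    """Evaluate every rule whose predicate holds and collect its token."""
    return {make(subject) for pred, make in rules if pred(subject)}

def build_store(rows):
    """Attach tokens to each row and index the token dimension."""
    store = {r["id"]: dict(r, tokens=frozenset(tokens_for(r, ROW_RULES)))
             for r in rows}
    index = defaultdict(set)
    for rid, row in store.items():
        for tok in row["tokens"]:
            index[tok].add(rid)
    return store, index

def split(store, index, session, subset_query):
    """Return rows that satisfy the query AND share a token with the session."""
    query_tokens = tokens_for(session, QUERY_RULES)
    if not query_tokens:  # fail closed: no token, no rows
        return []
    allowed = set().union(*(index.get(t, set()) for t in query_tokens))
    return [store[rid] for rid in sorted(allowed) if subset_query(store[rid])]
```

Row 3 carries only an owner token, so a regional manager's region token never reaches it; the security filter is applied through the index before the subset query runs.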
23 Claims
1. A method of building an analytic sub-structure from a secure read-only analytic data structure, the method comprising:
receiving an authenticated and authorized command to build an analytic sub-structure that satisfies a subset query from the secure read-only analytic data structure, wherein the secure read-only analytic data structure includes security tokens associated with secured objects that govern access to the secured objects;
applying security translation rules to construct at least one query security token based on the authenticated and authorized command, wherein the at least one query security token qualifies the authenticated and authorized command to access one or more secured objects in the secure read-only analytic data structure; and
supplying the subset query and the at least one query security token to a query engine and receiving, as the analytic sub-structure, the one or more secured objects from the secure read-only analytic data structure that satisfy the subset query and that have an associated security token that matches the at least one query security token.
12. A non-transitory computer-readable storage medium impressed with computer program instructions for building an analytic sub-structure from a secure read-only analytic data structure, the instructions, when executed on a hardware processor, implement a method comprising:
receiving an authenticated and authorized command to build an analytic sub-structure that satisfies a subset query from the secure read-only analytic data structure, wherein the secure read-only analytic data structure includes security tokens associated with secured objects that govern access to the secured objects;
applying security translation rules to construct at least one query security token based on the authenticated and authorized command, wherein the at least one query security token qualifies the authenticated and authorized command to access one or more secured objects in the secure read-only analytic data structure; and
supplying the subset query and the at least one query security token to a query engine and receiving, as the analytic sub-structure, the one or more secured objects from the secure read-only analytic data structure that satisfy the subset query and that have an associated security token that matches the at least one query security token.
23. An apparatus for building an analytic sub-structure from a secure read-only analytic data structure, the apparatus comprising:
a memory storing computer instructions; and
a processor configured to execute the stored computer instructions to:
receive an authenticated and authorized command to build an analytic sub-structure that satisfies a subset query from the secure read-only analytic data structure, wherein the secure read-only analytic data structure includes security tokens associated with secured objects that govern access to the secured objects;
apply security translation rules to construct at least one query security token based on the authenticated and authorized command, wherein the at least one query security token qualifies the authenticated and authorized command to access one or more secured objects in the secure read-only analytic data structure; and
supply the subset query and the at least one query security token to a query engine and receive, as the analytic sub-structure, the one or more secured objects from the secure read-only analytic data structure that satisfy the subset query and that have an associated security token that matches the at least one query security token.