Accessing Data Stored In A Database System

US 20190318113A1
Filed: 10/21/2016
Published: 10/17/2019
Est. Priority Date: 10/21/2016
Status: Active Application

First Claim

Patent Images

1. A computer-implemented method for accessing data stored in a database system comprising a controller configured in such a way that the data is stored with relationships between data-elements of the data, and with enforcement of integrity of the data;

whereina first data-element and a second data-element of the data are stored in the database system with a relationship between the first data-element and the second data-element;

whereinthe first data-element is stored in the database system encapsulated by one or more first access-procedures so that the first data-element is accessible exclusively by calling the one or more first access-procedures;

whereinthe second data-element is stored in the database system encapsulated by one or more second access-procedures so that the second data-element is accessible exclusively by calling the one or more second access-procedures;

whereinthe database system further stores access authorization data indicating, at data-element level, whether access to second data-element is authorized to a first user identified in the database system through corresponding credentials that enable the first user to log in and operate in the database system;

the method comprising;

receiving, by the controller, a call by the first user to a first access-procedure of the one or more first access-procedures for attempting to access the first data-element, said first access-procedure of the one or more first access-procedures including a call to a second access-procedure of the one or more second access-procedures for attempting to access the second data-element based on the relationship between first and second data-elements;

performing, by the controller, the call to said first access-procedure of the one or more first access-procedures;

verifying, by the controller, whether the first user is authorized to access the second data-element according to the access authorization data;

performing, by the controller, the call to said second access-procedure of the one or more second access-procedures; and

returning, by the controller, a result of the attempt to access the second data-element, including an indicator of whether the first user is authorized to access the second data-element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-implemented methods are disclosed for accessing data stored in a database system comprising a controller configured in such a way that data is stored with relationships between data-elements of the data, and with enforcement of data integrity. The method comprises receiving, by the controller, a call by first user to a first access-procedure for accessing a first data-element, the first access-procedure including a call to second access-procedure for accessing a second data-element based on a relationship between the first and second data-elements; performing, by the controller, the call to the first access-procedure; verifying, by the controller, whether the first user is authorized to access the second data-element according to access authorization data; performing, by the controller, the call to the second access-procedure; and returning, by the controller, a result of the access to the second data-element including an indicator of authorized access to the second data-element. Computer programs and database systems suitable for performing such methods are also disclosed.

3 Citations

23 Claims

1. A computer-implemented method for accessing data stored in a database system comprising a controller configured in such a way that the data is stored with relationships between data-elements of the data, and with enforcement of integrity of the data;
- whereina first data-element and a second data-element of the data are stored in the database system with a relationship between the first data-element and the second data-element;
  
  whereinthe first data-element is stored in the database system encapsulated by one or more first access-procedures so that the first data-element is accessible exclusively by calling the one or more first access-procedures;
  
  whereinthe second data-element is stored in the database system encapsulated by one or more second access-procedures so that the second data-element is accessible exclusively by calling the one or more second access-procedures;
  
  whereinthe database system further stores access authorization data indicating, at data-element level, whether access to second data-element is authorized to a first user identified in the database system through corresponding credentials that enable the first user to log in and operate in the database system;
  
  the method comprising;
  
  receiving, by the controller, a call by the first user to a first access-procedure of the one or more first access-procedures for attempting to access the first data-element, said first access-procedure of the one or more first access-procedures including a call to a second access-procedure of the one or more second access-procedures for attempting to access the second data-element based on the relationship between first and second data-elements;
  
  performing, by the controller, the call to said first access-procedure of the one or more first access-procedures;
  
  verifying, by the controller, whether the first user is authorized to access the second data-element according to the access authorization data;
  
  performing, by the controller, the call to said second access-procedure of the one or more second access-procedures; and
  
  returning, by the controller, a result of the attempt to access the second data-element, including an indicator of whether the first user is authorized to access the second data-element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23)
- - 2. A computer-implemented method according to claim 1, wherein the second data-element is stored in the database system with data indicating whether the second data-element belongs to a set of data-elements created by a second user.
  - 3. A computer-implemented method according to claim 2, wherein the access authorization data indicates whether access to the data-elements in the set of data-elements created by the second user is authorized to the first user.
  - 4. A computer-implemented method according to claim 3, wherein verifying whether the first user is authorized to access the second data-element comprisesverifying, by the controller, whether the first user is authorized to access the data-elements in the set of data-elements created by the second user.
  - 5. A computer-implemented method according to claim 1, wherein the access authorization data indicating whether access to the second data-element is authorized to the first user includes a start date of the authorization.
  - 6. A computer-implemented method according to claim 5, wherein verifying whether the first user is authorized to access the second data-element comprisesverifying, by the controller, whether a current date is later than the start date of the authorization to access the second data-element.
  - 7. A computer-implemented method according to claim 1, wherein the access authorization data indicating whether access to the second data-element is authorized to the first user includes an end date of the authorization.
  - 8. A computer-implemented method according to claim 7, wherein verifying whether the first user is authorized to access the second data-element comprisesverifying, by the controller, whether a current date is earlier than the end date of the authorization to access the second data-element.
  - 9. A computer-implemented method according to claim 1, wherein the database system stores call authorization data indicating, at access-procedure level, whether the first user is authorized to call the second access-procedure of the one or more second access-procedures;
    - wherein the method further comprisesverifying, by the controller, whether the first user is authorized to call the second access-procedure of the one or more second access-procedures according to the call authorization data; and
      
      whereinthe returned indicator of whether the first user is authorized to access the second data-element further indicates whether the first user is authorized to call the second access-procedure of the one or more second access-procedures.
  - 10. A computer-implemented method according to claim 9, wherein the second access-procedure of the one or more second access-procedures is stored in the database system with data indicating whether said second access-procedure belongs to a set of access-procedures created by a third user.
  - 11. A computer-implemented method according to claim 10, wherein the call authorization data indicates whether call to access-procedures in the set of access-procedures created by the third user is authorized to the first user.
  - 12. A computer-implemented method according to claim 11, wherein verifying whether the first user is authorized to call the second access-procedure of the one or more second access-procedures comprisesverifying, by the controller, whether the first user is authorized to call the access-procedures in the set of access-procedures created by the third user.
  - 13. A computer-implemented method according to claim 1, wherein the call authorization data indicating whether the first user is authorized to call the second access-procedure of the one or more second access-procedures includes a start date of the authorization.
  - 14. A computer-implemented method according to claim 13, wherein verifying whether the first user is authorized to call the second access-procedure of the one or more second access-procedures comprisesverifying, by the controller, whether a current date is later than the start date of the authorization to call the second access-procedure of the one or more second access-procedures.
  - 15. A computer-implemented method according to claim 1, wherein the call authorization data indicating whether the first user is authorized to call the second access-procedure of the one or more second access-procedures includes an end date of the authorization.
  - 16. A computer-implemented method according to claim 15, wherein verifying whether the first user is authorized to call the second access-procedure of the one or more second access-procedures comprisesverifying, by the controller, whether a current date is earlier than the end date of the authorization to call the second access-procedure of the one or more second access-procedures.
  - 17. A computer-implemented method according to claim 1, wherein the call authorization data further indicates whether a fourth user who created the first access-procedure of the one or more first access-procedures in the database system is authorized to call the second access-procedure of the one or more second access-procedures.
  - 18. A computer-implemented method according to claim 17, wherein the second access-procedure of the one or more second access-procedures is called, by the controller, as if the first user were authorized to call said second access-procedure based on whetherthe first user is authorized to call the first access-procedure of the one or more first access-procedures and the fourth user, who created said first access-procedure, is authorized to call the second access-procedure of the one or more second access-procedures.
  - 19. A computer program product comprising program instructions for causing a computing system to perform a computer-implemented method according to claim 1 for accessing data stored in a database system.
  - 20. A computer program product according to claim 19, embodied on a storage medium.
  - 21. A computer program product according to claim 19, carried on a carrier signal.
  - 23. A database system for accessing data stored in the database system, comprising a controller configured in such a way that the data is stored with relationships between data-elements of the data, and with enforcement of integrity of the data;
    - whereina first data-element and a second data-element of the data are stored in the database system with a relationship between the first data-element and the second data-element;
      
      whereinthe first data-element is stored in the database system encapsulated by one or more first access-procedures so that the first data-element is accessible exclusively by calling the one or more first access-procedures;
      
      whereinthe second data-element is stored in the database system encapsulated by one or more second access-procedures so that the second data-element is accessible exclusively by calling the one or more second access-procedures;
      
      whereinthe database system further stores access authorization data indicating, at data-element level, whether access to second data-element is authorized to a first user identified in the database system through corresponding credentials that enable the first user to log in and operate in the database system; and
      
      whereinthe controller comprises a memory and a processor, embodying instructions stored in the memory and executable by the processor, the instructions comprising functionality to execute a computer-implemented method according to claim 1 for accessing data stored in the database system.

22. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barcelona Supercomputing Center, Universitat Politecnica De Catalunya
Original Assignee
Barcelona Supercomputing Center
Inventors
Cortes Rossello, Antonio, Marti Fraiz, Jonathan, Queralt Calafat, Anna, Gasull Moreira, Daniel

Application Number

US16/343,348
Publication Number

US 20190318113A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 16/2365   Ensuring data consistency a...

G06F 16/2443   Stored procedures

G06F 21/6218   to a system of files or obj...

Accessing Data Stored In A Database System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

3 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Accessing Data Stored In A Database System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

3 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links