Control of database access using security/user tag correspondence table
Abstract
A method and apparatus control access to data in a database by configuring at least part of the database such that at least some of the data of the configured database is associated with a security tag, configuring a storage structure of user identifiers and associated user tags, configuring a storage structure of user tags and associated security tags, and mapping a user identifier to at least a sub-set of the data by determining, from the storage structure of user tags and associated security tags, a security tag or tags appropriate for the user tag of the user identifier, and allowing access to the data from the configured database associated with the security tag or tags. By providing a storage structure of user tags and associated security tags, it is possible to change the security policy by modifying the data in that storage structure alone, without any need to modify the data in the configured database.
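The two-table mapping the abstract describes, as an added example that is not taken from the patent. Table names, tag values and users are constructed; a row stands in for a sub-set of data, and untagged rows and unknown users are assumed to be denied.

```python
import sqlite3

def build_db():
    """Constructed sample database: user table, security table, tagged data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        -- user table: user identifier -> user tag
        CREATE TABLE user_table (user_id TEXT PRIMARY KEY, user_tag TEXT NOT NULL);
        -- security table: user tag -> one or more security tags
        CREATE TABLE security_table (
            user_tag TEXT NOT NULL, security_tag TEXT NOT NULL,
            PRIMARY KEY (user_tag, security_tag));
        -- configured data: each tagged sub-set carries a single security tag
        CREATE TABLE records (id INTEGER PRIMARY KEY, body TEXT, security_tag TEXT);
        INSERT INTO user_table VALUES ('alice', 'CLERK'), ('bob', 'AUDITOR');
        INSERT INTO security_table VALUES
            ('CLERK', 'S1'), ('AUDITOR', 'S1'), ('AUDITOR', 'S2');
        INSERT INTO records VALUES
            (1, 'branch totals', 'S1'), (2, 'payroll', 'S2'),
            (3, 'untagged draft', NULL);
    """)
    return db

def accessible(db, user_id):
    """Resolve user id -> user tag -> security tags -> permitted record ids."""
    rows = db.execute(
        """SELECT r.id FROM records r
           JOIN security_table s ON s.security_tag = r.security_tag
           JOIN user_table u ON u.user_tag = s.user_tag
           WHERE u.user_id = ? ORDER BY r.id""",
        (user_id,))
    # Assumption: no matching tag (NULL tag or unknown user) means no access.
    return [row[0] for row in rows]

def revoke(db, user_tag, security_tag):
    """Change policy by editing the security table only; records stay untouched."""
    db.execute(
        "DELETE FROM security_table WHERE user_tag = ? AND security_tag = ?",
        (user_tag, security_tag))

if __name__ == "__main__":
    db = build_db()
    print("alice:", accessible(db, "alice"))
    print("bob before revoke:", accessible(db, "bob"))
    revoke(db, "AUDITOR", "S2")
    print("bob after revoke:", accessible(db, "bob"))
```

Because the check is a join through `security_table`, revoking a mapping takes effect on the next query without rewriting any tag stored on the data.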
4 Claims
1. A method of controlling access by a user to a database which comprises a set of data divided into sub-sets of data, said method comprising the steps of:
- assigning a single security tag to each sub-set of data in at least some of said sub-sets of data,
- assigning a user tag to an identifier for each user in a user table,
- assigning at least one security tag to each user tag in a security table,
- utilising the user table to obtain the user tag for the user,
- utilising the security table to obtain at least one security tag corresponding to the user tag, and
- permitting the user to access any sub-set of data having said at least one security tag.
3. An apparatus for controlling access by a user to a database divided into sub-sets of data, said apparatus comprising:
- means for assigning a single security tag to each sub-set of data in at least some of said sub-sets of data,
- means for assigning a user tag to an identifier for each user in a user table,
- means for assigning at least one security tag to each user tag in a security table,
- means for utilising the user table to obtain the user tag for a user,
- means for utilising the security table to obtain at least one security tag corresponding to a user tag, and
- means for permitting a user to access any sub-set of data having said at least one security tag.
Specification