Data access control apparatus for limiting data access in accordance with user attribute

US 6,275,825 B1
Filed: 12/21/1998
Issued: 08/14/2001
Est. Priority Date: 12/29/1997
Status: Expired due to Term

First Claim

Patent Images

1. A data access control apparatus for limiting access to data on the basis of a user attribute in accessing the data in a database having a plurality of records each constituted by a plurality of data items comprising:

user information storage means for storing at least a data item representing identification information unique to a user and a data item representing a user attribute in correspondence with a plurality of users;

definition means for defining a user group corresponding to contents of the data item representing the user attribute;

generation means for generating user group information representing that a user group is made to correspond to each user;

access right information storage means for storing access right information in correspondence with the user group, the access right information representing whether access to the data in the database is allowed; and

access control means for, when an arbitrary user is designated in accessing the database, determining a user group, to which the arbitrary user belongs, with reference to the user group information generated by said generation means, and determining on the basis of the access right information made to correspond to the determined user group whether access to the data in the database is allowed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention provides a data access control apparatus arranged to automatically set access right information limiting data access, in accordance with a user attribute when a user accesses a database. In setting, for a plurality of users, access right information corresponding to each user, the load on an operator can be reduced, and access right information setting errors can be prevented. An automatic setting unit reads out information from a login management information file and an employee information file on the basis of definition information of a definition files to automatically generate a user access right management file which stores a login ID, an item access right, and a record access right group code for each user. When a login ID is input in accessing the employee information file, a setting controller refers to the management file to determine a user group to which the user belongs and an access enabled/disabled state of the data on the basis of the access right made to correspond to this user group.

229 Citations

24 Claims

1. A data access control apparatus for limiting access to data on the basis of a user attribute in accessing the data in a database having a plurality of records each constituted by a plurality of data items comprising:
- user information storage means for storing at least a data item representing identification information unique to a user and a data item representing a user attribute in correspondence with a plurality of users;
  
  definition means for defining a user group corresponding to contents of the data item representing the user attribute;
  
  generation means for generating user group information representing that a user group is made to correspond to each user;
  
  access right information storage means for storing access right information in correspondence with the user group, the access right information representing whether access to the data in the database is allowed; and
  
  access control means for, when an arbitrary user is designated in accessing the database, determining a user group, to which the arbitrary user belongs, with reference to the user group information generated by said generation means, and determining on the basis of the access right information made to correspond to the determined user group whether access to the data in the database is allowed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. An apparatus according to claim 1, wherein said definition means defines a user group corresponding to a user post.
  - 3. An apparatus according to claim 1, wherein said definition means defines a user group corresponding to a department to which a user belongs.
  - 4. An apparatus according to claim 1, wherein said access right information storage means stores item access right information representing an access enabled/disabled state of data for each item constituting the data.
  - 5. An apparatus according to claim 4, wherein said access right information storage means comprises item access right setting means for arbitrarily setting item access right information representing an access enabled/disabled state of data for each item constituting the data in correspondence with each user group.
  - 6. An apparatus according to claim 1, wherein said access right information storage means stores record access right information representing an access enabled/disabled state of data for each record constituting the data in correspondence with each user group.
  - 7. An apparatus according to claim 6, wherein said access right information storage means comprises record access right setting means for arbitrarily setting record access right information representing an access enabled/disabled state of data for each record constituting the data in correspondence with each user group.
  - 8. An apparatus according to claim 1, wherein said access right information storage means stores, in correspondence with each user group, item access right information representing an access enabled/disabled state of data for each item constituting the data and record access right information representing an access enabled/disabled state of data for each record constituting the data.
  - 9. An apparatus according to claim 8, wherein said access right information storage means comprises access right setting means for arbitrarily setting item access right information representing an access enabled/disabled state for each item constituting the data in correspondence with each user group and record access right information representing an access enabled/disabled state of the data for each record constituting the data in correspondence with each user group.
  - 10. An apparatus according to claim 1, wherein said generation means generates user group information which makes a user group correspond to each user when a data item representing a user attribute and stored in said user information storage means is changed.
  - 11. An apparatus according to claim 1, further comprising language generation means for generating a predetermined database language for analyzing access right information corresponding to the user group to access the database.

12. A recording medium which records a program for causing a computer to realize a predetermined function, comprising:
- a program for realizing a function of referring to user information storing at least a data item representing identification information unique to a user and a data item representing a user attribute in correspondence with a plurality of users, and definition information defining a user group corresponding to contents of the data item representing the user attribute, and of generating user group information made to correspond to the user group in units of users; and
  
  a program for realizing a function of, when an arbitrary user is designated in accessing a database, referring to the user group information to determine a user group to which the arbitrary user belongs, and determining an access enabled/disabled state of data in the database on the basis of the access right information representing the access enabled/disabled state of the data in the database and made to correspond to the determined user group.

13. A data access control apparatus for limiting access to data on the basis of a user attribute in accessing the data in a database having a plurality of records each constituted by a plurality of data items comprising:
- user information storage means for storing at least a data item representing identification information unique to a user and a data item representing a user attribute in correspondence with a plurality of users;
  
  first definition means for defining a user group corresponding to contents of the data item representing the user attribute;
  
  second definition means for defining a relationship between the identification information unique to the user and login information input and designated in accessing data in the database;
  
  generation means for generating user group information which makes the login information correspond to the user group in units of users;
  
  access right information storage means for storing access right information representing an access enabled/disabled state of data in the database in correspondence with a user group; and
  
  access control means for, when arbitrary login information is input in accessing the database, referring to user group information generated by said generation means to determine a user group to which the user belongs, and determining the access enabled/disabled state of the data in the database on the basis of the access right information made to correspond to the determined user group.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. An apparatus according to claim 13, wherein said first definition means defines a user group corresponding to a user post.
  - 15. An apparatus according to claim 13, wherein said first definition means defines a user group corresponding to a department to which a user belongs.
  - 16. An apparatus according to claim 13, wherein said access right information storage means stores item access right information representing an access enabled/disabled state of data for each item constituting the data.
  - 17. An apparatus according to claim 16, wherein said access right information storage means comprises item access right setting means for arbitrarily setting item access right information representing an access enabled/disabled state of data for each item constituting the data in correspondence with each user group.
  - 18. An apparatus according to claim 13, wherein said access right information storage means stores record access right information representing an access enabled/disabled state of data for each record constituting the data in correspondence with each user group.
  - 19. An apparatus according to claim 18, wherein said access right information storage means comprises record access right setting means for arbitrarily setting record access right information representing an access enabled/disabled state of data for each record constituting the data in correspondence with each user group.
  - 20. An apparatus according to claim 13, wherein said access right information storage means stores, in correspondence with each user group, item access right information representing an access enabled/disabled state of data for each item constituting the data and record access right information representing an access enabled/disabled state of data for each record constituting the data.
  - 21. An apparatus according to claim 20, wherein said access right information storage means comprises access right setting means for arbitrarily setting item access right information representing an access enabled/disabled state for each item constituting the data in correspondence with each user group and record access right information representing an access enabled/disabled state of the data for each record constituting the data in correspondence with each user group.
  - 22. An apparatus according to claim 13, wherein said generation means generates user group information which makes a user group correspond to each user when a data item representing a user attribute is changed.
  - 23. An apparatus according to claim 13, further comprising language generation means for generating a predetermined database language for analyzing access right information corresponding to the user group to access the database.

24. A recording medium which records a program for causing a computer to realize a predetermined function, comprising:
- a program for realizing a function of referring to user information storing at least a data item representing identification information unique to a user and a data item representing a user attribute in correspondence with a plurality of users, definition information defining a user group corresponding to contents of the data item representing the user attribute, and definition information defining a relationship between the identification information. unique to the user and login information input and designated in accessing data in the database and of generating user group information which makes the login information correspond to the user group in units of users; and
  
  a program for realizing a function of, when arbitrary login information is designated in accessing a database, referring to the user group information to determine a user group to which the user belongs, and determining an access enabled/disabled state of data in the database on the basis of the access right information representing the access enabled/disabled state of the data in the database and made to correspond to the determined user group and the user access right information stored in correspondence with the determined user group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Casio Computer Company Limited
Original Assignee
Casio Computer Company Limited
Inventors
Machida, Tomohiro, Kobayashi, Yoichi, Isomura, Kunihiko
Primary Examiner(s)
Alam, Hosain T.
Assistant Examiner(s)
ALAM, SHAHID AL

Application Number

US09/218,529
Time in Patent Office

967 Days
Field of Search

707/9, 707/104, 707/1, 707/6, 707/103, 707/200, 707/10, 709/225, 709/106, 709/220, 709/315, 711/100, 711/200, 713/201, 713/202, 713/187, 705/30, 705/52, 705/54, 705/80
US Class Current

707/737
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6227   where protection concerns t...

G06F 2221/2141   Access rights, e.g. capabil...

Y10S 707/99939   Privileged access

Data access control apparatus for limiting data access in accordance with user attribute

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

229 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Data access control apparatus for limiting data access in accordance with user attribute

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

229 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links