Database access method and system for user role defined access
2 Assignments
0 Petitions
Abstract
Method and system for determination and granting of access to data and files by the file or database creator, owner or manager or by group or user access profiles. The database is partitionable among data owners, and access is awarded based upon the requestor's organizational attributes.
2227 Citations
53 Claims
1. A database management system that controls access to stored data items of an organization based on a hierarchical structure of the organization, the hierarchical structure of the organization including multiple hierarchical organization levels that each include multiple hierarchical organization branches at that hierarchical organization level, each of the hierarchical organization branches deriving its own access attributes from the hierarchical organization level with which it is associated, the database management system comprising:
   - a plurality of user entries representing users seeking access to data items, each of the user entries having multiple associated organizational access attributes that are hierarchically configured to represent the organization in such a manner that each organizational access attribute corresponds to one of the hierarchical organization branches at one of the hierarchical organization levels of the organization; and
   - an access control subsystem that is configured to repeatedly use the associated organizational access attributes of users to manage access to data items of the organization, the data items each associated with multiple of the organizational access attributes, the managing of the data item access by:
     - receiving a database query from a user requesting one or more data items;
     - reading the multiple organizational access attributes associated with the user;
     - reading the multiple organizational access attributes associated with each of the requested data items;
     - for each of the requested data items, determining based on the organizational access attributes of the user and of the data item whether to grant the user access to the data item by comparing the hierarchical organization levels for those organizational access attributes and by comparing the hierarchical organization branches for those organizational access attributes; and
     - presenting to the user the data items to which the user is determined to have access.

   View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
13. A method of managing access to data items in a database for an organization, the organization having a structure that includes multiple hierarchical organization levels that each include multiple hierarchical organization branches, the method comprising:
   - for each of multiple user entries associated with the database, associating multiple organizational access attributes with the user entry, the organizational access attributes each corresponding to one of the hierarchical organization branches at one of the hierarchical organization levels of the organization;
   - for each of multiple data items of the database, associating at least one of the organizational access attributes with the data item; and
   - after the associating of the organizational access attributes with the user entries and with the data items, using the associated organizational access attributes to manage access to the data items, by:
     - receiving a database query from a user requesting one or more data items that each have one or more associated organizational access attributes;
     - determining the multiple organizational access attributes associated with the user;
     - determining the organizational access attributes associated with the requested data items;
     - determining whether to grant the user access to the requested data items by comparing the hierarchical organization branches corresponding to the organizational access attributes of the user and of the data items and/or by comparing the hierarchical organization levels of those hierarchical organization branches; and
     - providing to the user the data items to which the user is determined to have access.

   View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 33)
26. A computer-readable medium whose contents cause a computing device to manage access to data items in a database for an organization, the organization having a hierarchical structure that includes multiple organization levels and multiple hierarchical organization branches, the managing of the access to the data items by performing a method comprising:
   - for each of multiple user entries associated with the database, associating multiple organizational access attributes with the user entry, the organizational access attributes each corresponding to one of the hierarchical organization branches and one of the organization levels of the hierarchical organization;
   - for each of multiple data items of the database, associating at least one of the organizational access attributes with the data item; and
   - after the associating of the organizational access attributes with the user entries and with the data items, using the associated organizational access attributes to manage access to the data items, by:
     - receiving a database query from a user requesting one or more data items that each have one or more associated organizational access attributes;
     - determining the multiple organizational access attributes associated with the user;
     - determining the organizational access attributes associated with the requested data items;
     - determining whether to grant the user access to the requested data items by comparing the hierarchical organization branches corresponding to the organizational access attributes of the user and of the data items and/or by comparing the organization levels corresponding to the organizational access attributes of the user and of the data items; and
     - providing to the user access to the data items to which the user is determined to have access.

   View Dependent Claims (27, 28, 29, 30, 31, 32, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
51. A computing system that manages access to stored data items of an organization based on a hierarchical structure of the organization, the hierarchical structure of the organization including multiple hierarchical organization branches that each have multiple organization levels, the computing system comprising:
   - a plurality of stored entries for users of the organization that each have multiple associated organizational access attributes, the organizational access attributes each corresponding to one of the hierarchical organization branches and one of the organization levels of the organization;
   - a plurality of stored data items for the organization that each have at least one associated organizational access attribute; and
   - an access control subsystem that is configured to determine whether to grant a user access to one or more data items that each have one or more associated organizational access attributes by determining the organizational access attributes associated with the user and the organizational access attributes associated with the data items and by comparing the hierarchical organization branches corresponding to the organizational access attributes of the user and of the data items and/or comparing the organization levels corresponding to the organizational access attributes of the user and of the data items, and that is configured to provide to the user access to the data items when the user is determined to have access to the data items.

   View Dependent Claims (52, 53)
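The access decision that independent claims 1, 13, 26 and 51 describe (user entries and data items each tagged with organizational access attributes, a query answered by comparing the hierarchical levels and branches of those attributes, and only the items the user may see returned) is shown below as an added Python example. It is not code from the patent or from any product covering it. The claims say that levels and branches are compared but do not fix the exact rule, so the rule here is an assumption: a user attribute covers an item attribute when the user's branch is the item's branch itself or one of its ancestors at a higher level, and every attribute on an item must be covered unless `require_all=False` is passed. The `ORG_TREE` hierarchy, the user and item names, and the helper names `branch_chain`, `attribute_covers`, `has_access` and `query` are all constructed for the example. Two failure modes a practitioner would want handled are included: an item with no attributes is denied (fail closed), and an attribute that is not in the hierarchy raises instead of being silently granted or denied.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterator, List, Optional, Tuple

# An organizational access attribute is (hierarchy level, branch name).
Attribute = Tuple[int, str]

# Constructed example hierarchy (assumption, not from the patent): level 0 is
# the whole organization, level 1 its divisions, level 2 the departments
# inside them. Each branch maps to its parent branch one level up.
ORG_TREE: Dict[Attribute, Optional[Attribute]] = {
    (0, "acme"): None,
    (1, "finance"): (0, "acme"),
    (1, "engineering"): (0, "acme"),
    (2, "payroll"): (1, "finance"),
    (2, "treasury"): (1, "finance"),
    (2, "platform"): (1, "engineering"),
}


@dataclass(frozen=True)
class UserEntry:
    """A user entry with its associated organizational access attributes."""
    name: str
    attributes: FrozenSet[Attribute]


@dataclass(frozen=True)
class DataItem:
    """A stored data item tagged with the attributes that govern access to it."""
    item_id: str
    payload: str
    attributes: FrozenSet[Attribute]


def branch_chain(attr: Attribute) -> Iterator[Attribute]:
    """Yield attr and every ancestor branch above it, up to the top level."""
    if attr not in ORG_TREE:
        # An attribute nobody defined cannot be reasoned about: fail loudly
        # rather than silently granting or denying.
        raise ValueError(f"unknown organizational attribute {attr!r}")
    node: Optional[Attribute] = attr
    while node is not None:
        yield node
        node = ORG_TREE[node]


def attribute_covers(user_attr: Attribute, item_attr: Attribute) -> bool:
    """Compare levels first, then branches (assumed rule, see lead-in)."""
    user_level, _ = user_attr
    item_level, _ = item_attr
    if user_level > item_level:
        # A department-level attribute never reaches up to division-level data;
        # this cheap level check rejects before the branch walk.
        return False
    # The user's branch must be the item's branch or one of its ancestors.
    return user_attr in branch_chain(item_attr)


def has_access(user: UserEntry, item: DataItem, require_all: bool = True) -> bool:
    """Decide access for one item.

    require_all=True: every attribute on the item must be covered by some user
    attribute (the item belongs to the intersection of those branches).
    require_all=False: one covered attribute is enough (the item is shared
    with several branches). An item with no attributes is denied: fail closed.
    """
    if not item.attributes:
        return False
    covered = (
        any(attribute_covers(u, i) for u in user.attributes) for i in item.attributes
    )
    return all(covered) if require_all else any(covered)


def query(user: UserEntry, requested: List[DataItem], require_all: bool = True) -> List[str]:
    """Filter a query result down to the ids of the items the user may see."""
    return [item.item_id for item in requested if has_access(user, item, require_all)]


# Constructed sample users and data items (assumptions for the example).
ALICE = UserEntry("alice", frozenset({(1, "finance")}))      # division level
BOB = UserEntry("bob", frozenset({(2, "payroll")}))          # department level
CAROL = UserEntry("carol", frozenset({(0, "acme")}))         # whole organization

ITEMS = [
    DataItem("D1", "payroll run", frozenset({(2, "payroll")})),
    DataItem("D2", "division budget", frozenset({(1, "finance")})),
    DataItem("D3", "platform design", frozenset({(2, "platform")})),
    DataItem("D4", "company policy", frozenset({(0, "acme")})),
    DataItem("D5", "payroll system spec", frozenset({(2, "payroll"), (2, "platform")})),
]

if __name__ == "__main__":
    for user in (ALICE, BOB, CAROL):
        print(user.name, query(user, ITEMS), query(user, ITEMS, require_all=False))
```

Running the block prints, per user, the ids granted under each policy: alice sees D1 and D2 (her division-level attribute covers the payroll department below it but not the platform branch or the organization level above her), bob sees only D1, and carol sees everything. D5, tagged with both payroll and platform, is visible to alice and bob only under the shared-item policy, which is the kind of semantic choice that must be made explicitly when an item carries more than one attribute.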
Specification